summaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2019-11-11Merge tag 'v5.4-rc7' into perf/core, to pick up fixesIngo Molnar1-0/+1
2019-10-31efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMINJavier Martinez Canillas1-0/+1
2019-10-17perf_event: Add support for LSM and SELinux checksJoel Fernandes (Google)4-1/+103
2019-10-08Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+8
2019-10-05integrity: remove pointless subdir-$(CONFIG_...)Masahiro Yamada1-2/+0
2019-10-05integrity: remove unneeded, broken attempt to add -fshort-wcharMasahiro Yamada1-1/+0
2019-10-03selinux: fix context string corruption in convert_context()Ondrej Mosnacek1-1/+8
2019-09-28Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds10-16/+350
2019-09-27Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds15-105/+627
2019-09-25KEYS: trusted: correctly initialize digests and fix locking issueRoberto Sassu1-0/+5
2019-09-23Merge tag 'smack-for-5.4-rc1' of git://github.com/cschaufler/smack-nextLinus Torvalds2-23/+23
2019-09-23Merge tag 'safesetid-bugfix-5.4' of git://github.com/micah-morton/linuxLinus Torvalds1-1/+2
2019-09-23Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-296/+346
2019-09-17LSM: SafeSetID: Stop releasing uninitialized rulesetMicah Morton1-1/+2
2019-09-10security: constify some arrays in lockdown LSMMatthew Garrett1-2/+2
2019-09-05keys: Fix missing null pointer check in request_key_auth_describe()Hillf Danton1-0/+6
2019-09-04selinux: fix residual uses of current_security() for the SELinux blobStephen Smalley2-11/+11
2019-09-04smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2-4/+4
2019-09-04security: smack: Fix possible null-pointer dereferences in smack_socket_sock_...Jia-Ju Bai1-0/+2
2019-09-04smack: fix some kernel-doc notationsluanshi1-18/+15
2019-09-04Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn1-1/+2
2019-08-30keys: ensure that ->match_free() is called in request_key_and_link()Eric Biggers1-1/+1
2019-08-29ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva1-2/+2
2019-08-29ima: use struct_size() in kzalloc()Gustavo A. R. Silva1-3/+2
2019-08-28ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann1-1/+2
2019-08-27selinux: avoid atomic_t usage in sidtabOndrej Mosnacek2-32/+35
2019-08-19lockdown: Print current->comm in restriction messagesMatthew Garrett1-2/+6
2019-08-19tracefs: Restrict tracefs when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19debugfs: Restrict debugfs when the kernel is locked downDavid Howells1-0/+1
2019-08-19kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett3-1/+53
2019-08-19lockdown: Lock down perf when in confidentiality modeDavid Howells1-0/+1
2019-08-19bpf: Restrict bpf when kernel lockdown is in confidentiality modeDavid Howells1-0/+1
2019-08-19lockdown: Lock down tracing and perf kprobes when in confidentiality modeDavid Howells1-0/+1
2019-08-19lockdown: Lock down /proc/kcoreDavid Howells1-0/+1
2019-08-19x86/mmiotrace: Lock down the testmmiotrace moduleDavid Howells1-0/+1
2019-08-19lockdown: Lock down module params that specify hardware parameters (eg. ioport)David Howells1-0/+1
2019-08-19lockdown: Lock down TIOCSSERIALDavid Howells1-0/+1
2019-08-19lockdown: Prohibit PCMCIA CIS storage when the kernel is locked downDavid Howells1-0/+1
2019-08-19ACPI: Limit access to custom_method when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19x86/msr: Restrict MSR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19x86: Lock down IO port access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19PCI: Lock down BAR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19hibernate: Disable when the kernel is locked downJosh Boyer1-0/+1
2019-08-19kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2-2/+2
2019-08-19kexec_load: Disable at runtime if the kernel is locked downMatthew Garrett1-0/+1
2019-08-19lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19lockdown: Enforce module signatures if the kernel is locked downDavid Howells2-0/+2
2019-08-19security: Add a static lockdown policy LSMMatthew Garrett5-5/+224
2019-08-19security: Add a "locked down" LSM hookMatthew Garrett1-0/+6
2019-08-19security: Support early LSMsMatthew Garrett1-8/+42