summaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-02-07selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-01-27ima: allow to check MAY_APPENDLans Zhang2-4/+5
2017-01-27ima: fix ima_d_path() possible race with renameMimi Zohar3-6/+24
2017-01-27Merge branch 'smack-for-4.11' of git://github.com/cschaufler/smack-next into ...James Morris3-27/+95
2017-01-24Introduce a sysctl that modifies the value of PROT_SOCK.Krister Johansen1-1/+2
2017-01-24exec: Remove LSM_UNSAFE_PTRACE_CAPEric W. Biederman4-5/+4
2017-01-24exec: Test the ptracer's saved cred to see if the tracee can gain capsEric W. Biederman1-1/+2
2017-01-24exec: Don't reset euid and egid when the tracee has CAP_SETUIDEric W. Biederman1-1/+1
2017-01-19Introduce STATIC_USERMODEHELPER to mediate call_usermodehelper()Greg Kroah-Hartman1-0/+35
2017-01-19Make static usermode helper binaries constantGreg Kroah-Hartman1-3/+4
2017-01-19LSM: Add /sys/kernel/security/lsmCasey Schaufler9-9/+71
2017-01-16apparmor: fix undefined reference to `aa_g_hash_policy'John Johansen1-1/+1
2017-01-16apparmor: replace remaining BUG_ON() asserts with AA_BUG()John Johansen4-5/+5
2017-01-16apparmor: fix restricted endian type warnings for policy unpackJohn Johansen1-6/+6
2017-01-16apparmor: fix restricted endian type warnings for dfa unpackJohn Johansen2-12/+12
2017-01-16apparmor: add check for apparmor enabled in module parameters missing itJohn Johansen1-0/+10
2017-01-16apparmor: add per cpu work buffers to avoid allocating buffers at every hookJohn Johansen2-1/+103
2017-01-16apparmor: sysctl to enable unprivileged user ns AppArmor policy loadingTyler Hicks2-1/+47
2017-01-16apparmor: support querying extended trusted helper extra dataWilliam Hua5-0/+245
2017-01-16apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen1-6/+10
2017-01-16apparmor: make computing policy hashes conditional on kernel parameterJohn Johansen2-29/+32
2017-01-16apparmor: convert change_profile to use fqname later to give better controlJohn Johansen5-66/+28
2017-01-16apparmor: fix change_hat debug outputJohn Johansen1-4/+5
2017-01-16apparmor: remove unused op parameter from simple_write_to_buffer()John Johansen1-6/+3
2017-01-16apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen12-161/+155
2017-01-16apparmor: change op from int to const char *John Johansen10-134/+84
2017-01-16apparmor: rename context abreviation cxt to the more standard ctxJohn Johansen5-144/+150
2017-01-16apparmor: fail task profile update if current_cred isn't real_credJohn Johansen1-0/+3
2017-01-16apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2-22/+130
2017-01-16apparmor: pass the subject profile into profile replace/removeJohn Johansen3-16/+21
2017-01-16apparmor: audit policy ns specified in policy loadJohn Johansen3-24/+77
2017-01-16apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen8-58/+278
2017-01-16apparmor: add ns name to the audit data for policy loadsJohn Johansen2-10/+25
2017-01-16apparmor: add profile and ns params to aa_may_manage_policy()John Johansen3-14/+12
2017-01-16apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen3-10/+16
2017-01-16apparmor: add ns being viewed as a param to policy_view_capable()John Johansen4-8/+35
2017-01-16apparmor: allow specifying the profile doing the managementJohn Johansen1-11/+21
2017-01-16apparmor: allow introspecting the policy namespace nameJohn Johansen1-0/+24
2017-01-16apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen3-5/+7
2017-01-16apparmor: track ns level so it can be used to help in view checksJohn Johansen1-0/+1
2017-01-16apparmor: add special .null file used to "close" fds at execJohn Johansen3-1/+81
2017-01-16apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen1-0/+1
2017-01-16apparmor: add a default null dfaJohn Johansen6-2/+46
2017-01-16apparmor: allow policydb to be used as the file dfaJohn Johansen1-4/+8
2017-01-16apparmor: add get_dfa() fnJohn Johansen1-0/+15
2017-01-16apparmor: prepare to support newer versions of policyJohn Johansen2-10/+25
2017-01-16apparmor: add support for force complain flag to support learning modeJohn Johansen1-1/+3
2017-01-16apparmor: remove paranoid load switchJohn Johansen2-16/+10
2017-01-16apparmor: name null-XXX profiles after the executableJohn Johansen3-17/+47
2017-01-16apparmor: pass gfp_t parameter into profile allocationJohn Johansen4-8/+9