summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2016-07-20qstr: constify dentry_init_securityAl Viro2-2/+2
2016-07-12apparmor: fix arg_size computation for when setprocattr is null terminatedJohn Johansen1-1/+1
2016-07-12apparmor: fix oops, validate buffer size in apparmor_setprocattr()Vegard Nossum1-17/+19
2016-07-12apparmor: do not expose kernel stackHeinrich Schuchardt1-1/+3
2016-07-12apparmor: fix module parameters can be changed after policy is lockedJohn Johansen3-13/+29
2016-07-12apparmor: fix oops in profile_unpack() when policy_db is not presentJohn Johansen1-0/+3
2016-07-12apparmor: don't check for vmalloc_addr if kvzalloc() failedJohn Johansen1-5/+5
2016-07-12apparmor: add missing id bounds check on dfa verificationJohn Johansen2-0/+3
2016-07-12apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another taskJeff Mahoney1-2/+4
2016-07-12apparmor: use list_next_entry instead of list_entry_nextGeliang Tang1-5/+3
2016-07-12apparmor: fix refcount race when finding a child profileJohn Johansen1-1/+3
2016-07-12apparmor: fix ref count leak when profile sha1 hash is readJohn Johansen1-0/+1
2016-07-12apparmor: check that xindex is in trans_table boundsJohn Johansen1-1/+1
2016-07-12apparmor: ensure the target profile name is always auditedJohn Johansen1-11/+9
2016-07-12apparmor: fix audit full profile hname on successful loadJohn Johansen1-1/+1
2016-07-12apparmor: fix log failures for all profiles in a setJohn Johansen1-10/+19
2016-07-12apparmor: fix put() parent ref after updating the active refJohn Johansen1-1/+1
2016-07-12apparmor: add parameter to control whether policy hashing is usedJohn Johansen4-6/+25
2016-07-12apparmor: internal paths should be treated as disconnectedJohn Johansen1-28/+36
2016-07-12apparmor: fix disconnected bind mnts reconnectionJohn Johansen1-1/+4
2016-07-12apparmor: fix update the mtime of the profile file on replacementJohn Johansen1-0/+2
2016-07-12apparmor: exec should not be returning ENOENT when it deniesJohn Johansen1-1/+1
2016-07-12apparmor: fix uninitialized lsm_audit memberJohn Johansen2-2/+4
2016-07-12apparmor: fix replacement bug that adds new child to old parentJohn Johansen1-1/+1
2016-07-12apparmor: fix refcount bug in profile replacementJohn Johansen1-2/+2
2016-07-09Merge tag 'keys-misc-20160708' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris2-2/+2
2016-07-08Merge branch 'smack-for-4.8' of https://github.com/cschaufler/smack-next into...James Morris1-0/+3
2016-07-08apparmor: fix oops, validate buffer size in apparmor_setprocattr()Vegard Nossum1-17/+19
2016-07-07Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux in...James Morris7-64/+73
2016-07-05evm: Translate user/group ids relative to s_user_ns when computing HMACSeth Forshee1-2/+2
2016-06-30Merge branch 'd_real' of git://git.kernel.org/pub/scm/linux/kernel/git/mszere...Al Viro5-7/+14
2016-06-30ima: extend the measurement entry specific pcrEric Richter1-3/+3
2016-06-30ima: change integrity cache to store measured pcrEric Richter3-3/+11
2016-06-30ima: redefine duplicate template entriesEric Richter1-3/+4
2016-06-30ima: change ima_measurements_show() to display the entry specific pcrEric Richter1-5/+4
2016-06-30ima: include pcr for each measurement log entryEric Richter4-8/+13
2016-06-30ima: extend ima_get_action() to return the policy pcrEric Richter5-7/+14
2016-06-30ima: add policy support for extending different pcrsEric Richter1-1/+28
2016-06-30integrity: add measured_pcrs field to integrity cacheEric Richter2-0/+3
2016-06-27calipso: Add a label cache.Huw Davies1-3/+6
2016-06-27netlabel: Pass a family parameter to netlbl_skbuff_err().Huw Davies4-8/+10
2016-06-27calipso: Allow the lsm to label the skbuff directly.Huw Davies1-0/+15
2016-06-27calipso: Allow request sockets to be relabelled by the lsm.Huw Davies1-1/+1
2016-06-27netlabel: Prevent setsockopt() from changing the hop-by-hop option.Huw Davies1-1/+16
2016-06-27calipso: Set the calipso socket label to match the secattr.Huw Davies1-1/+1
2016-06-24selinux: Add support for unprivileged mounts from user namespacesSeth Forshee1-0/+23
2016-06-24Smack: Handle labels consistently in untrusted mountsSeth Forshee1-10/+19
2016-06-24Smack: Add support for unprivileged mounts from user namespacesSeth Forshee2-12/+37
2016-06-24fs: Treat foreign mounts as nosuidAndy Lutomirski2-2/+8
2016-06-24fs: Limit file caps to the user namespace of the super blockSeth Forshee1-0/+2