- e4a281c KEYS: Avoid false positive ENOMEM error on key read by Waiman Long · 4 years, 7 months ago
- 18779ea KEYS: Don't write out to userspace while holding key semaphore by Waiman Long · 4 years, 7 months ago
- 0aadc67 keys: Fix proc_keys_next to increase position index by Vasily Averin · 4 years, 6 months ago
- 14b9635 KEYS: reaching the keys quotas correctly by Yang Xu · 4 years, 8 months ago
- 7742c3e selinux: ensure we cleanup the internal AVC counters on error in avc_update() by Jaihind Yadav · 4 years, 10 months ago
- c0d7b3f selinux: ensure we cleanup the internal AVC counters on error in avc_insert() by Paul Moore · 4 years, 11 months ago
- efd5ce8 selinux: fall back to ref-walk if audit is required by Stephen Smalley · 5 years ago
- 8f1c7fe tomoyo: Use atomic_t for statistics counter by Tetsuo Handa · 4 years, 10 months ago
- 0abc0d5 keys: Timestamp new keys by David Howells · 6 years ago
- e58f543 apparmor: don't try to replace stale label in ptrace access check by Jann Horn · 6 years ago
- 451830a apparmor: Fix network performance issue in aa_label_sk_perm by Tony Jones · 6 years ago
- 87ca9aa LSM: generalize flag passing to security_capable by Micah Morton · 6 years ago
- f3248d6 apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock by John Johansen · 4 years, 10 months ago
- 79a1eae apparmor: fix unsigned len comparison with less than zero by Colin Ian King · 5 years ago
- d8a89c3 apparmor: delete the dentry in aafs_remove() to avoid a leak by Chris Coulson · 6 years ago
- 4753e7a ima: fix freeing ongoing ahash_request by Sascha Hauer · 5 years ago
- b69c308 ima: always return negative code for error by Sascha Hauer · 5 years ago
- 1b42503 smack: use GFP_NOFS while holding inode_smack::smk_lock by Eric Biggers · 5 years ago
- ef9744a Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set by Jann Horn · 5 years ago
- 9a87ab2 security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() by Jia-Ju Bai · 5 years ago
- ca77acd keys: Fix missing null pointer check in request_key_auth_describe() by Hillf Danton · 5 years ago
- 1711103 apparmor: reset pos on failure to unpack for various functions by Mike Salvatore · 5 years ago
- 46650ac selinux: fix memory leak in policydb_init() by Ondrej Mosnacek · 5 years ago
- 914026d selinux: fix empty write to keycreate file by Ondrej Mosnacek · 5 years ago
- 31c9958 apparmor: enforce nullbyte at end of tag string by Jann Horn · 5 years ago
- eb2b0bf apparmor: fix PROFILE_MEDIATES for untrusted input by John Johansen · 5 years ago
- 6e322a9 evm: check hash algorithm passed to init_desc() by Roberto Sassu · 5 years ago
- f85b87a ima: show rules with IMA_INMASK correctly by Roberto Sassu · 5 years ago
- a2ace9b selinux: avoid uninitialized variable warning by Arnd Bergmann · 6 years ago
- b21ca27 apparmorfs: fix use-after-free on symlink traversal by Al Viro · 6 years ago
- 9a0467e securityfs: fix use-after-free on symlink traversal by Al Viro · 6 years ago
- dfdfad3 selinux: do not report error on connect(AF_UNSPEC) by Paolo Abeni · 5 years ago
- 574be22 selinux: never allow relabeling on context mounts by Ondrej Mosnacek · 6 years ago
- 6b13ae5 selinux: avoid silent denials in permissive mode under RCU walk by Stephen Smalley · 6 years ago
- 145f6a7 selinux: use kernel linux/socket.h for genheaders and mdp by Paulo Alcantara · 6 years ago
- 628c99a8 device_cgroup: fix RCU imbalance in error case by Jann Horn · 6 years ago
- e30e0b0 selinux: do not override context on context mounts by Ondrej Mosnacek · 6 years ago
- c7dad09 security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock by J. Bruce Fields · 6 years ago
- e4f6f82 selinux: add the missing walk_size + len check in selinux_sctp_bind_connect by Xin Long · 6 years ago
- 7268328 keys: Fix dependency loop between construction record and auth key by David Howells · 6 years ago
- 345af5a missing barriers in some of unix_sock ->addr and ->path accesses by Al Viro · 6 years ago
- d7807b6 apparmor: Fix aa_label_build() error handling for failed merges by John Johansen · 6 years ago
- 8b4b1d7 KEYS: always initialize keyring_index_key::desc_len by Eric Biggers · 6 years ago
- f812bec KEYS: allow reaching the keys quotas exactly by Eric Biggers · 6 years ago
- 54e71cb smack: fix access permissions for keyring by Zoran Markovic · 6 years ago
- 34ea589 selinux: always allow mounting submounts by Ondrej Mosnacek · 6 years ago
- 5a79e71 selinux: fix GPF on invalid policy by Stephen Smalley · 6 years ago
- a19aedf LSM: Check for NULL cred-security on free by James Morris · 6 years ago
- b955a2c Yama: Check for pid death before checking ancestry by Kees Cook · 6 years ago
- b37fdd9 selinux: policydb - fix byte order and alignment issues by Ondrej Mosnacek · 6 years ago
- 4c202ad selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN by Paul Moore · 6 years ago
- 3962e78 selinux: Add __GFP_NOWARN to allocation at str_read() by Tetsuo Handa · 6 years ago
- c8a1685 apparmor: Fix uninitialized value in aa_split_fqname by Zubin Mithra · 6 years ago
- c75e3cb selinux: check length properly in SCTP bind hook by Ondrej Mosnacek · 6 years ago
- 8b259b9 ima: open a new file instance if no read permissions by Goldwyn Rodrigues · 6 years ago
- 13d3c98 ima: fix showing large 'violations' or 'runtime_measurements_count' by Eric Biggers · 6 years ago
- f77c846 selinux: fix mounting of cgroup2 under older policies by Stephen Smalley · 6 years ago
- 7a47855 Smack: ptrace capability use fixes by Casey Schaufler · 6 years ago
- 8c0f9f5 Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" by Lubomir Rintel · 6 years ago
- 61a6bd8 Revert "x86/mm/legacy: Populate the user page-table with user pgd's" by Joerg Roedel · 6 years ago
- db44bf4 Merge tag 'apparmor-pr-2018-09-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor by Linus Torvalds · 6 years ago
- 8a2336e uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name by Randy Dunlap · 6 years ago
- edf4e7b apparmor: fix bad debug check in apparmor_secid_to_secctx() by John Johansen · 6 years ago
- 57bb8e3 Merge tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor by Linus Torvalds · 6 years ago
- 4def196 Merge branch 'userns-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace by Linus Torvalds · 6 years ago
- c037bd6 apparmor: remove no-op permission check in policy_unpack by John Johansen · 6 years ago
- 1b1eeca init: allow initcall tables to be emitted using relative references by Ard Biesheuvel · 6 years ago
- 0a6b292 apparmor: fix an error code in __aa_create_ns() by Dan Carpenter · 6 years ago
- f91e654 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- c715ebe Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- 04743f8 Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- dafa5f6 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 by Linus Torvalds · 6 years ago
- 9a76aba Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next by Linus Torvalds · 6 years ago
- e026bcc Merge tag 'kbuild-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild by Linus Torvalds · 6 years ago
- 6f7dac1 Merge tag 'selinux-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 6 years ago
- 92d4a03 Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- 8c479c2 Merge tag 'hardened-usercopy-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux by Linus Torvalds · 6 years ago
- a66b4cd Merge branch 'work.open3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs by Linus Torvalds · 6 years ago
- 355139a cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() by Eddie.Horng · 6 years ago
- 7e4237f selinux: cleanup dentry and inodes on error in selinuxfs by nixiaoming · 6 years ago
- c5f5aee Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux by Herbert Xu · 6 years ago
- df6b4e6 Merge branch 'smack-for-4.19-a' of https://github.com/cschaufler/next-smack into next-smack by James Morris · 6 years ago
- ec403d8 ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead by Stefan Berger · 6 years ago
- 5c2a640 ima: Use tpm_default_chip() and call TPM functions with a tpm_chip by Stefan Berger · 6 years ago
- 32a4f5e net: sched: introduce chain object to uapi by Jiri Pirko · 6 years ago
- d66a8ac Smack: Inform peer that IPv6 traffic has been blocked by Piotr Sawicki · 6 years ago
- a07ef95 Smack: Check UDP-Lite and DCCP protocols during IPv6 handling by Piotr Sawicki · 6 years ago
- 129a998 Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets by Piotr Sawicki · 6 years ago
- 3dd0f18 EVM: fix return value check in evm_write_xattrs() by Wei Yongjun · 6 years ago
- 24b87a1 apparmor: Fix failure to audit context info in build_change_hat by John Johansen · 6 years ago
- f4585bc apparmor: Fully initialize aa_perms struct when answering userspace query by Tyler Hicks · 6 years ago
- 7f3ebcf apparmor: Check buffer bounds when mapping permissions mask by Tyler Hicks · 6 years ago
- 7757d60 x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 by Joerg Roedel · 6 years ago
- 6eb864c integrity: prevent deadlock during digsig verification. by Mikhail Kurinnoi · 6 years ago
- 5feeb61 evm: Allow non-SHA1 digital signatures by Matthew Garrett · 6 years ago
- e2861fa evm: Don't deadlock if a crypto algorithm is unavailable by Matthew Garrett · 6 years ago
- ac2409a integrity: silence warning when CONFIG_SECURITYFS is not enabled by Sudeep Holla · 6 years ago
- dba31ee ima: Differentiate auditing policy rules from "audit" actions by Stefan Berger · 6 years ago
- 2afd020 ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set by Stefan Berger · 6 years ago
- 3d2859d ima: Use audit_log_format() rather than audit_log_string() by Stefan Berger · 6 years ago