- c470dc5 ima: Don't ignore errors from crypto_shash_update() by Roberto Sassu · 4 years, 2 months ago
- 64e0f9e selinux: sel_avc_get_stat_idx should increase position index by Vasily Averin · 4 years, 9 months ago
- 1904f6d selinux: allow labeling before policy is loaded by Jonathan Lebon · 5 years ago
- adef6d2 Smack: prevent underflow in smk_set_cipso() by Dan Carpenter · 4 years, 3 months ago
- 820defe Smack: fix another vsscanf out of bounds by Dan Carpenter · 4 years, 3 months ago
- 67b4be3 Smack: fix use-after-free in smk_write_relabel_self() by Eric Biggers · 4 years, 4 months ago
- fe1219a apparmor: ensure that dfa state tables have entries by John Johansen · 4 years, 7 months ago
- 3f9a54c apparmor: don't try to replace stale label in ptraceme check by Jann Horn · 6 years ago
- cd80735 selinux: fix double free by Tom Rix · 4 years, 5 months ago
- 3cc2aec apparmor: fix nnp subset test for unconfined by John Johansen · 5 years ago
- 70fa599 apparmor: check/put label on apparmor_sk_clone_security() by Mauricio Faria de Oliveira · 4 years, 5 months ago
- 86396a4 apparmor: fix introspection of of task mode for unconfined tasks by John Johansen · 4 years, 5 months ago
- fcb067c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() by Roberto Sassu · 4 years, 5 months ago
- 3815f65 evm: Fix possible memory leak in evm_calc_hmac_or_hash() by Roberto Sassu · 4 years, 7 months ago
- d52a190 ima: Directly assign the ima_default_policy pointer to ima_rules by Roberto Sassu · 4 years, 5 months ago
- 71381da ima: Fix ima digest hash table key calculation by Krzysztof Struczynski · 4 years, 6 months ago
- 8498142 Smack: slab-out-of-bounds in vsscanf by Casey Schaufler · 4 years, 7 months ago
- cdfd1ec mm: add kvfree_sensitive() for freeing sensitive data objects by Waiman Long · 4 years, 5 months ago
- a000647 evm: Fix RCU list related warnings by Madhuparna Bhowmik · 4 years, 6 months ago
- 6c45ea1 exec: Always set cap_ambient in cap_bprm_set_creds by Eric W. Biederman · 4 years, 5 months ago
- c701849 apparmor: Fix aa_label refcnt leak in policy_update by Xiyu Yang · 4 years, 7 months ago
- dd73adb apparmor: fix potential label refcnt leak in aa_change_profile by Xiyu Yang · 4 years, 7 months ago
- f1738ae apparmor: Fix use-after-free in aa_audit_rule_init by Navid Emamdoost · 5 years ago
- 657a03f ima: Fix return value of ima_write_policy() by Roberto Sassu · 4 years, 6 months ago
- 4c7a2e7 evm: Check also if *tfm is an error pointer in init_desc() by Roberto Sassu · 4 years, 6 months ago
- 904de13 ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() by Roberto Sassu · 4 years, 6 months ago
- 2307585 selinux: properly handle multiple messages in selinux_netlink_send() by Paul Moore · 4 years, 6 months ago
- e4a281c KEYS: Avoid false positive ENOMEM error on key read by Waiman Long · 4 years, 8 months ago
- 18779ea KEYS: Don't write out to userspace while holding key semaphore by Waiman Long · 4 years, 8 months ago
- 0aadc67 keys: Fix proc_keys_next to increase position index by Vasily Averin · 4 years, 7 months ago
- 14b9635 KEYS: reaching the keys quotas correctly by Yang Xu · 4 years, 8 months ago
- 7742c3e selinux: ensure we cleanup the internal AVC counters on error in avc_update() by Jaihind Yadav · 4 years, 11 months ago
- c0d7b3f selinux: ensure we cleanup the internal AVC counters on error in avc_insert() by Paul Moore · 5 years ago
- efd5ce8 selinux: fall back to ref-walk if audit is required by Stephen Smalley · 5 years ago
- 8f1c7fe tomoyo: Use atomic_t for statistics counter by Tetsuo Handa · 4 years, 10 months ago
- 0abc0d5 keys: Timestamp new keys by David Howells · 6 years ago
- e58f543 apparmor: don't try to replace stale label in ptrace access check by Jann Horn · 6 years ago
- 451830a apparmor: Fix network performance issue in aa_label_sk_perm by Tony Jones · 6 years ago
- 87ca9aa LSM: generalize flag passing to security_capable by Micah Morton · 6 years ago
- f3248d6 apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock by John Johansen · 4 years, 10 months ago
- 79a1eae apparmor: fix unsigned len comparison with less than zero by Colin Ian King · 5 years ago
- d8a89c3 apparmor: delete the dentry in aafs_remove() to avoid a leak by Chris Coulson · 6 years ago
- 4753e7a ima: fix freeing ongoing ahash_request by Sascha Hauer · 5 years ago
- b69c308 ima: always return negative code for error by Sascha Hauer · 5 years ago
- 1b42503 smack: use GFP_NOFS while holding inode_smack::smk_lock by Eric Biggers · 5 years ago
- ef9744a Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set by Jann Horn · 5 years ago
- 9a87ab2 security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() by Jia-Ju Bai · 5 years ago
- ca77acd keys: Fix missing null pointer check in request_key_auth_describe() by Hillf Danton · 5 years ago
- 1711103 apparmor: reset pos on failure to unpack for various functions by Mike Salvatore · 5 years ago
- 46650ac selinux: fix memory leak in policydb_init() by Ondrej Mosnacek · 5 years ago
- 914026d selinux: fix empty write to keycreate file by Ondrej Mosnacek · 5 years ago
- 31c9958 apparmor: enforce nullbyte at end of tag string by Jann Horn · 5 years ago
- eb2b0bf apparmor: fix PROFILE_MEDIATES for untrusted input by John Johansen · 5 years ago
- 6e322a9 evm: check hash algorithm passed to init_desc() by Roberto Sassu · 5 years ago
- f85b87a ima: show rules with IMA_INMASK correctly by Roberto Sassu · 5 years ago
- a2ace9b selinux: avoid uninitialized variable warning by Arnd Bergmann · 6 years ago
- b21ca27 apparmorfs: fix use-after-free on symlink traversal by Al Viro · 6 years ago
- 9a0467e securityfs: fix use-after-free on symlink traversal by Al Viro · 6 years ago
- dfdfad3 selinux: do not report error on connect(AF_UNSPEC) by Paolo Abeni · 5 years ago
- 574be22 selinux: never allow relabeling on context mounts by Ondrej Mosnacek · 6 years ago
- 6b13ae5 selinux: avoid silent denials in permissive mode under RCU walk by Stephen Smalley · 6 years ago
- 145f6a7 selinux: use kernel linux/socket.h for genheaders and mdp by Paulo Alcantara · 6 years ago
- 628c99a8 device_cgroup: fix RCU imbalance in error case by Jann Horn · 6 years ago
- e30e0b0 selinux: do not override context on context mounts by Ondrej Mosnacek · 6 years ago
- c7dad09 security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock by J. Bruce Fields · 6 years ago
- e4f6f82 selinux: add the missing walk_size + len check in selinux_sctp_bind_connect by Xin Long · 6 years ago
- 7268328 keys: Fix dependency loop between construction record and auth key by David Howells · 6 years ago
- 345af5a missing barriers in some of unix_sock ->addr and ->path accesses by Al Viro · 6 years ago
- d7807b6 apparmor: Fix aa_label_build() error handling for failed merges by John Johansen · 6 years ago
- 8b4b1d7 KEYS: always initialize keyring_index_key::desc_len by Eric Biggers · 6 years ago
- f812bec KEYS: allow reaching the keys quotas exactly by Eric Biggers · 6 years ago
- 54e71cb smack: fix access permissions for keyring by Zoran Markovic · 6 years ago
- 34ea589 selinux: always allow mounting submounts by Ondrej Mosnacek · 6 years ago
- 5a79e71 selinux: fix GPF on invalid policy by Stephen Smalley · 6 years ago
- a19aedf LSM: Check for NULL cred-security on free by James Morris · 6 years ago
- b955a2c Yama: Check for pid death before checking ancestry by Kees Cook · 6 years ago
- b37fdd9 selinux: policydb - fix byte order and alignment issues by Ondrej Mosnacek · 6 years ago
- 4c202ad selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN by Paul Moore · 6 years ago
- 3962e78 selinux: Add __GFP_NOWARN to allocation at str_read() by Tetsuo Handa · 6 years ago
- c8a1685 apparmor: Fix uninitialized value in aa_split_fqname by Zubin Mithra · 6 years ago
- c75e3cb selinux: check length properly in SCTP bind hook by Ondrej Mosnacek · 6 years ago
- 8b259b9 ima: open a new file instance if no read permissions by Goldwyn Rodrigues · 6 years ago
- 13d3c98 ima: fix showing large 'violations' or 'runtime_measurements_count' by Eric Biggers · 6 years ago
- f77c846 selinux: fix mounting of cgroup2 under older policies by Stephen Smalley · 6 years ago
- 7a47855 Smack: ptrace capability use fixes by Casey Schaufler · 6 years ago
- 8c0f9f5 Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" by Lubomir Rintel · 6 years ago
- 61a6bd8 Revert "x86/mm/legacy: Populate the user page-table with user pgd's" by Joerg Roedel · 6 years ago
- db44bf4 Merge tag 'apparmor-pr-2018-09-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor by Linus Torvalds · 6 years ago
- 8a2336e uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name by Randy Dunlap · 6 years ago
- edf4e7b apparmor: fix bad debug check in apparmor_secid_to_secctx() by John Johansen · 6 years ago
- 57bb8e3 Merge tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor by Linus Torvalds · 6 years ago
- 4def196 Merge branch 'userns-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace by Linus Torvalds · 6 years ago
- c037bd6 apparmor: remove no-op permission check in policy_unpack by John Johansen · 6 years ago
- 1b1eeca init: allow initcall tables to be emitted using relative references by Ard Biesheuvel · 6 years ago
- 0a6b292 apparmor: fix an error code in __aa_create_ns() by Dan Carpenter · 6 years ago
- f91e654 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- c715ebe Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- 04743f8 Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 6 years ago
- dafa5f6 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 by Linus Torvalds · 6 years ago
- 9a76aba Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next by Linus Torvalds · 6 years ago