1. 3815950 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling by Paul Moore · 4 years ago
  2. c00fcec selinux: fix error initialization in inode_doinit_with_dentry() by Tianyue Ren · 4 years, 1 month ago
  3. 4ec11eb selinux: Convert isec->lock into a spinlock by Andreas Gruenbacher · 8 years ago
  4. ac17e88 selinux: Clean up initialization of isec->sclass by Andreas Gruenbacher · 8 years ago
  5. 891160f proc: Pass file mode to proc_pid_make_inode by Andreas Gruenbacher · 8 years ago
  6. 81000b6 selinux: Minor cleanups by Andreas Gruenbacher · 8 years ago
  7. ab83798 security,selinux,smack: kill security_task_wait hook by Stephen Smalley · 8 years ago
  8. 8c62a90 Fix incorrect type in assignment of ipv6 port for audit by Casey Schaufler · 2 years, 9 months ago
  9. 6f7fad6 selinux: use correct type for context length by Christian Göttsche · 2 years, 9 months ago
  10. 387a8f0 TOMOYO: fix __setup handlers return values by Randy Dunlap · 2 years, 9 months ago
  11. dd84205 ima: Remove ima_policy file before directory by Stefan Berger · 2 years, 10 months ago
  12. 9d75b88 integrity: check the return value of audit_log_start() by Xiaoke Wang · 2 years, 10 months ago
  13. 120fb31 selinux: initialize proto variable in selinux_ip_postroute_compat() by Tom Rix · 2 years, 11 months ago
  14. a269586 smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi by Tetsuo Handa · 3 years, 1 month ago
  15. 5e44e73 smackfs: use __GFP_NOFAIL for smk_cipso_doi() by Tetsuo Handa · 3 years, 1 month ago
  16. 7e175e3 smackfs: Fix use-after-free in netlbl_catmap_walk() by Pawan Gupta · 3 years, 3 months ago
  17. a5907f3 evm: mark evm_fixmode as __ro_after_init by Austin Kim · 3 years, 1 month ago
  18. 22d4a6d binder: use cred instead of task for selinux checks by Todd Kjos · 3 years, 1 month ago
  19. 687a0bf Smack: Fix wrong semantics in smk_access_entry() by Tianjia Zhang · 3 years, 4 months ago
  20. 749e646 IMA: remove -Wmissing-prototypes warning by Austin Kim · 3 years, 5 months ago
  21. 5f988040 smackfs: restrict bytes count in smk_set_cipso() by Tetsuo Handa · 3 years, 7 months ago
  22. a6414f9 selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC by Minchan Kim · 3 years, 5 months ago
  23. db89bac smackfs: restrict bytes count in smackfs write functions by Sabyrzhan Tasbolatov · 3 years, 10 months ago
  24. 22ac48d KEYS: trusted: Fix migratable=1 failing by Jarkko Sakkinen · 3 years, 10 months ago
  25. e8fbf06 dump_common_audit_data(): fix racy accesses to ->d_name by Al Viro · 3 years, 10 months ago
  26. ff0ad9d ima: Don't ignore errors from crypto_shash_update() by Roberto Sassu · 4 years, 2 months ago
  27. 51d729d selinux: sel_avc_get_stat_idx should increase position index by Vasily Averin · 4 years, 10 months ago
  28. 0433926 Smack: prevent underflow in smk_set_cipso() by Dan Carpenter · 4 years, 4 months ago
  29. 5edf79a Smack: fix another vsscanf out of bounds by Dan Carpenter · 4 years, 4 months ago
  30. 698080a Smack: fix use-after-free in smk_write_relabel_self() by Eric Biggers · 4 years, 4 months ago
  31. 3062787 selinux: fix double free by Tom Rix · 4 years, 5 months ago
  32. 4b9d238 evm: Fix possible memory leak in evm_calc_hmac_or_hash() by Roberto Sassu · 4 years, 7 months ago
  33. 63125a4 ima: Directly assign the ima_default_policy pointer to ima_rules by Roberto Sassu · 4 years, 5 months ago
  34. 446e391 ima: Fix ima digest hash table key calculation by Krzysztof Struczynski · 4 years, 7 months ago
  35. d901002 Smack: slab-out-of-bounds in vsscanf by Casey Schaufler · 4 years, 7 months ago
  36. 8a093d4 exec: Always set cap_ambient in cap_bprm_set_creds by Eric W. Biederman · 4 years, 6 months ago
  37. d8d4da8 ima: Fix return value of ima_write_policy() by Roberto Sassu · 4 years, 7 months ago
  38. ab97e5a evm: Check also if *tfm is an error pointer in init_desc() by Roberto Sassu · 4 years, 7 months ago
  39. 6affa87 selinux: properly handle multiple messages in selinux_netlink_send() by Paul Moore · 4 years, 7 months ago
  40. e7681c2 KEYS: reaching the keys quotas correctly by Yang Xu · 4 years, 9 months ago
  41. 23a0b5a selinux: ensure we cleanup the internal AVC counters on error in avc_update() by Jaihind Yadav · 5 years ago
  42. a9b6e55 keys: Timestamp new keys by David Howells · 6 years ago
  43. 1e42dec ima: always return negative code for error by Sascha Hauer · 5 years ago
  44. 1e4c7ce smack: use GFP_NOFS while holding inode_smack::smk_lock by Eric Biggers · 5 years ago
  45. 128373c Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set by Jann Horn · 5 years ago
  46. 5f0b9f0 security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() by Jia-Ju Bai · 5 years ago
  47. b94178b keys: Fix missing null pointer check in request_key_auth_describe() by Hillf Danton · 5 years ago
  48. ae190f0 selinux: fix memory leak in policydb_init() by Ondrej Mosnacek · 5 years ago
  49. 4a60589 apparmor: enforce nullbyte at end of tag string by Jann Horn · 5 years ago
  50. 869d1e4 selinux: never allow relabeling on context mounts by Ondrej Mosnacek · 6 years ago
  51. b2b2862 device_cgroup: fix RCU imbalance in error case by Jann Horn · 6 years ago
  52. 992baf5 selinux: do not override context on context mounts by Ondrej Mosnacek · 6 years ago
  53. 713b91c missing barriers in some of unix_sock ->addr and ->path accesses by Al Viro · 6 years ago
  54. ccc2aae KEYS: restrict /proc/keys by credentials at open time by Eric Biggers · 7 years ago
  55. dc070cd KEYS: always initialize keyring_index_key::desc_len by Eric Biggers · 6 years ago
  56. 6704b9d KEYS: allow reaching the keys quotas exactly by Eric Biggers · 6 years ago
  57. f096ede smack: fix access permissions for keyring by Zoran Markovic · 6 years ago
  58. 62044cb selinux: always allow mounting submounts by Ondrej Mosnacek · 6 years ago
  59. aedbb45 selinux: fix GPF on invalid policy by Stephen Smalley · 6 years ago
  60. a017e39 LSM: Check for NULL cred-security on free by James Morris · 6 years ago
  61. 4fd72a1 Yama: Check for pid death before checking ancestry by Kees Cook · 6 years ago
  62. 1f89834 ima: re-initialize iint->atomic_flags by Mimi Zohar · 7 years ago
  63. 166f454 ima: re-introduce own integrity cache lock by Dmitry Kasatkin · 7 years ago
  64. 87043e4 EVM: Add support for portable signature format by Matthew Garrett · 7 years ago
  65. 5f9fb1a ima: always measure and audit files in policy by Mimi Zohar · 7 years ago
  66. 5fed1ff Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" by Eric W. Biederman · 8 years ago
  67. 47ff762 selinux: Add __GFP_NOWARN to allocation at str_read() by Tetsuo Handa · 6 years ago
  68. 53de32d ima: fix showing large 'violations' or 'runtime_measurements_count' by Eric Biggers · 6 years ago
  69. eddbab1 evm: Don't deadlock if a crypto algorithm is unavailable by Matthew Garrett · 6 years ago
  70. a64fa27 Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets by Piotr Sawicki · 6 years ago
  71. d1f534f selinux: use GFP_NOWAIT in the AVC kmem_caches by Michal Hocko · 7 years ago
  72. ebc6dcb Smack: Mark inode instant in smack_task_to_inode by Casey Schaufler · 6 years ago
  73. 81be552 ima: based on policy verify firmware signatures (pre-allocated buffer) by Mimi Zohar · 7 years ago
  74. c738c80 selinux: KASAN: slab-out-of-bounds in xattr_getsecurity by Sachin Grover · 6 years ago
  75. 28fffa9 Revert "ima: limit file hash setting by user to fix and log modes" by Mimi Zohar · 8 years ago
  76. 99d8240 ima: Fallback to the builtin hash algorithm by Petr Vorel · 7 years ago
  77. 8a5a436 integrity/security: fix digsig.c build error with header file by Randy Dunlap · 7 years ago
  78. b983b2a selinux: do not check open permission on sockets by Stephen Smalley · 8 years ago
  79. 1978d82 selinux: Remove redundant check for unknown labeling behavior by Matthias Kaehlcke · 7 years ago
  80. 00972ac selinux: Remove unnecessary check of array base in selinux_set_mapping() by Matthias Kaehlcke · 8 years ago
  81. 27a0856 ima: relax requiring a file signature for new files with zero length by Mimi Zohar · 7 years ago
  82. d55a55b apparmor: Make path_max parameter readonly by John Johansen · 8 years ago
  83. b243aa8 selinux: check for address length in selinux_socket_bind() by Alexander Potapenko · 8 years ago
  84. 077463b security/keys: BIG_KEY requires CONFIG_CRYPTO by Arnd Bergmann · 7 years ago
  85. 5e6f51a selinux: skip bounded transition processing if the policy isn't loaded by Paul Moore · 7 years ago
  86. fe1cb58 selinux: ensure the context is NUL terminated in security_context_to_sid_core() by Paul Moore · 7 years ago
  87. 9692602 KEYS: encrypted: fix buffer overread in valid_master_desc() by Eric Biggers · 7 years ago
  88. e71fac0 KPTI: Rename to PAGE_TABLE_ISOLATION by Kees Cook · 7 years ago
  89. 2c27217 x86/kaiser: Reenable PARAVIRT by Borislav Petkov · 7 years ago
  90. 1ce27de kaiser: delete KAISER_REAL_SWITCH option by Hugh Dickins · 7 years ago
  91. 639c005 kaiser: KAISER depends on SMP by Hugh Dickins · 7 years ago
  92. 8f0baad kaiser: merged update by Dave Hansen · 7 years ago
  93. 13be448 KAISER: Kernel Address Isolation by Richard Fellner · 8 years ago
  94. 982707e KEYS: add missing permission check for request_key() destination by Eric Biggers · 7 years ago
  95. b0a4608 ima: fix hash algorithm initialization by Boshi Wang · 7 years ago
  96. 2cfbb32 ima: do not update security.ima if appraisal status is not INTEGRITY_PASS by Roberto Sassu · 7 years ago
  97. 31c8c49 security/keys: add CONFIG_KEYS_COMPAT to Kconfig by Bilal Amarni · 7 years ago
  98. 419ec34 KEYS: trusted: fix writing past end of buffer in trusted_read() by Eric Biggers · 7 years ago
  99. 64a2345 KEYS: trusted: sanitize all key material by Eric Biggers · 7 years ago
  100. ab71bee apparmor: fix undefined reference to `aa_g_hash_policy' by John Johansen · 8 years ago