Security Enhanced Linux (SELINUX)

Date Index

[Prev Page][Next Page]

[PATCH] selinux: always check the file label in selinux_kernel_read_file(), Paul Moore
- Re: [PATCH] selinux: always check the file label in selinux_kernel_read_file(), Paul Moore
[PATCH testsuite] policy,tests: add tests for new permissions for loading files/data, kippndavis . work
[PATCH] selinux: add permission checks for loading other kinds of kernel files, kippndavis . work
- Re: [PATCH] selinux: add permission checks for loading other kinds of kernel files, Paul Moore
[PATCH 1/4] libselinux: constify global strings, Christian Göttsche
- [PATCH 4/4] libselinux: limit fcontext regex path length, Christian Göttsche
- [PATCH 3/4] libselinux: initialize regex arch string in a thread safe way, Christian Göttsche
- [PATCH 2/4] libselinux: use local instead of global error buffer, Christian Göttsche
[PATCH testsuite] tests/inet_socket: enable MPTCP if it's disabled via sysctl, Ondrej Mosnacek
- Re: [PATCH testsuite] tests/inet_socket: enable MPTCP if it's disabled via sysctl, Ondrej Mosnacek
ANN: SELinux userspace 3.8, Petr Lautrbach
[PATCH v5 0/3] mount notification, Miklos Szeredi
- [PATCH v5 1/3] fsnotify: add mount notification infrastructure, Miklos Szeredi
- [PATCH v5 2/3] fanotify: notify on mount attach and detach, Miklos Szeredi
  - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Paul Moore
    - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Miklos Szeredi
      - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Paul Moore
        
        Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Christian Brauner
      - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Christian Brauner
    - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Christian Brauner
      - Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Paul Moore
        
        Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Christian Brauner
        
        Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach, Paul Moore
- [PATCH v5 3/3] vfs: add notifications for mount attach and detach, Miklos Szeredi
- Re: [PATCH v5 0/3] mount notification, Christian Brauner
ls from coreutils 9.6 doesn't show labels of some files, Ondrej Mosnacek
- Re: ls from coreutils 9.6 doesn't show labels of some files, Stephen Smalley
  - Re: ls from coreutils 9.6 doesn't show labels of some files, Paul Moore
[PATCH v3 1/2] io_uring: refactor io_uring_allowed(), Hamza Mahfooz
- [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Hamza Mahfooz
  - Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Casey Schaufler
    - Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
      - Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Casey Schaufler
        
        Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
        
        Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Casey Schaufler
        
        Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
  - Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
    - Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup(), Hamza Mahfooz
- Re: [PATCH v3 1/2] io_uring: refactor io_uring_allowed(), Paul Moore
  - Re: [PATCH v3 1/2] io_uring: refactor io_uring_allowed(), Jens Axboe
    - Re: [PATCH v3 1/2] io_uring: refactor io_uring_allowed(), Paul Moore
Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Ondrej Mosnacek
- Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
  - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
    - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
    - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Ondrej Mosnacek
      - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
      - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), stsp
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Paul Moore
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Ondrej Mosnacek
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Paul Moore
        
        Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
      - Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check"), Willem de Bruijn
Re: [PATCH v4 2/4] fanotify: notify on mount attach and detach, Paul Moore
- Re: [PATCH v4 2/4] fanotify: notify on mount attach and detach, Russell Coker
  - Re: [PATCH v4 2/4] fanotify: notify on mount attach and detach, Miklos Szeredi
    - Re: [PATCH v4 2/4] fanotify: notify on mount attach and detach, Miklos Szeredi
- Re: [PATCH v4 2/4] fanotify: notify on mount attach and detach, Daniel Burgener
[PATCH] selinux: fix spelling error, Tanya Agarwal
- Re: [PATCH] selinux: fix spelling error, Paul Moore
3.8 postponed to the next week, Petr Lautrbach
[RFC PATCH 0/2] Possible solution to possible regression, James Carter
- [RFC PATCH 1/2] libselinux: Close old selabel handle when setting a new one, James Carter
- [RFC PATCH 2/2] libsemanage: Set new restorecon handle before doing restorecon, James Carter
- <Possible follow-ups>
- Re: [RFC PATCH 0/2] Possible solution to possible regression, Petr Lautrbach
  - Re: [RFC PATCH 0/2] Possible solution to possible regression, James Carter
[GIT PULL] selinux/selinux-pr-20250121, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20250121, pr-tracker-bot
Possible regression by commit d96f27bf7cb9 ("libsemanage: Preserve file context and ownership in policy store"), Petr Lautrbach
[PATCH] selinux: Handle NULL return from selinux_inode in inode_security_rcu, Ingyu Jang
- Re: [PATCH] selinux: Handle NULL return from selinux_inode in inode_security_rcu, Stephen Smalley
[PATCH userspace] README: fix broken testsuite run status badge, Ondrej Mosnacek
- Re: [PATCH userspace] README: fix broken testsuite run status badge, Petr Lautrbach
[PATCH v2] libselinux: limit node depth while parsing compiled fcontexts, Christian Göttsche
ANN: SELinux userspace 3.8-rc4 release, Petr Lautrbach
[PATCH 2/5] checkpolicy: check identifier before copying, Christian Göttsche
- [PATCH 5/5] checkpolicy: clear queue between parser passes, Christian Göttsche
- [PATCH 3/5] checkpolicy: remove unneeded queue_head(), Christian Göttsche
- [PATCH 4/5] checkpolicy: do not consume unmatched identifiers, Christian Göttsche
- [PATCH 1/5] libselinux: set errno in failure case, Christian Göttsche
  - Re: [PATCH 1/5] libselinux: set errno in failure case, James Carter
    - Re: [PATCH 1/5] libselinux: set errno in failure case, Petr Lautrbach
[PATCH v2] semanage: improve -e documentation and fix delete operation, Christian Göttsche
[PATCH] CONTRIBUTING.md: Drop dependency and build instructions, Daniel Burgener
- Re: [PATCH] CONTRIBUTING.md: Drop dependency and build instructions, James Carter
  - Re: [PATCH] CONTRIBUTING.md: Drop dependency and build instructions, Petr Lautrbach
[PATCH] libselinux: limit node depth while parsing compiled fcontexts, Christian Göttsche
- Re: [PATCH] libselinux: limit node depth while parsing compiled fcontexts, James Carter
[PATCH] selinux: map RTM_DELNSID to nlmsg_write, Thiébaud Weksteen
- Re: [PATCH] selinux: map RTM_DELNSID to nlmsg_write, Nicolas Dichtel
  - Re: [PATCH] selinux: map RTM_DELNSID to nlmsg_write, Paul Moore
    - Re: [PATCH] selinux: map RTM_DELNSID to nlmsg_write, Thiébaud Weksteen
3.8-rc4 or 3.8 release next week, Petr Lautrbach
- Re: 3.8-rc4 or 3.8 release next week, James Carter
  - Re: 3.8-rc4 or 3.8 release next week, James Carter
    - Re: 3.8-rc4 or 3.8 release next week, Petr Lautrbach
[PATCH 2/2] libselinux/fuzz: handle inputs with trailing data, Christian Göttsche
- [PATCH 1/2] libsepol/cil: free nlmsg hashtable on error, Christian Göttsche
  - Re: [PATCH 1/2] libsepol/cil: free nlmsg hashtable on error, James Carter
    - Re: [PATCH 1/2] libsepol/cil: free nlmsg hashtable on error, Petr Lautrbach
selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared, Sebastian Andrzej Siewior
- Re: selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared, Thiébaud Weksteen
  - Re: selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared, Sebastian Andrzej Siewior
    - Re: selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared, Jeff Johnson
      - Re: selinux: error: ‘NETLINK_ROUTE_SOCKET__NLMSG’ undeclared, Paul Moore
[GIT PULL] selinux/selinux-pr-20250107, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20250107, pr-tracker-bot
[RFC PATCH v2 01/17] Fix typos, Christian Göttsche
- [RFC PATCH v2 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled, Christian Göttsche
- [RFC PATCH v2 15/17] tests: test code tweaks, Christian Göttsche
- [RFC PATCH v2 07/17] test: overlayfs related tweaks, Christian Göttsche
- [RFC PATCH v2 06/17] Makefile: add PHONY targets, Christian Göttsche
- [RFC PATCH v2 10/17] tests/tun_tap: skip if not supported, Christian Göttsche
- [RFC PATCH v2 11/17] tests/inet_socket: skip mptcp if not supported, Christian Göttsche
- [RFC PATCH v2 08/17] tests/notify: work with CONFIG_FANOTIFY disabled, Christian Göttsche
- [RFC PATCH v2 12/17] tests/filesystem: improve fsnotify check and preload loop module, Christian Göttsche
- [RFC PATCH v2 13/17] defconfig: enable CONFIG_XFRM_USER, Christian Göttsche
- [RFC PATCH v2 16/17] tests: fail on compiler warnings and enable Wextra, Christian Göttsche
- [RFC PATCH v2 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG, Christian Göttsche
- [RFC PATCH v2 17/17] tests: drop headers from Makefile dependencies, Christian Göttsche
- [RFC PATCH v2 00/17] testsuite: misc fixes and virtme-ng support, Christian Göttsche
- [RFC PATCH v2 03/17] tools: quote command to prevent word splitting, Christian Göttsche
- [RFC PATCH v2 05/17] tests: enable strictness for perl scripts, Christian Göttsche
- [RFC PATCH v2 04/17] tests: port scripts to sh and please shellcheck, Christian Göttsche
- [RFC PATCH v2 02/17] Makefile: use $(MAKE) to pass options, Christian Göttsche
[PATCH userspace 0/4] ci: fix and migrate the testsuite part to Testing Farm, Ondrej Mosnacek
- [PATCH userspace 2/4] ci: update Python versions, Ondrej Mosnacek
- [PATCH userspace 1/4] ci: use Testing Farm for running the testsuite, Ondrej Mosnacek
  - Re: [PATCH userspace 1/4] ci: use Testing Farm for running the testsuite, James Carter
    - Re: [PATCH userspace 1/4] ci: use Testing Farm for running the testsuite, Petr Lautrbach
- [PATCH userspace 3/4] ci: add missing libbz2-dev dependency, Ondrej Mosnacek
- [PATCH userspace 4/4] ci: fix pypy conditional, Ondrej Mosnacek
[no subject], Unknown
[RFC PATCH 00/44] SELinux namespace support, Stephen Smalley
- [RFC PATCH 05/44] netstate,selinux: create the selinux netlink socket per network namespace, Stephen Smalley
  - Re: [RFC PATCH 05/44] netstate,selinux: create the selinux netlink socket per network namespace, sergeh
    - Re: [RFC PATCH 05/44] netstate,selinux: create the selinux netlink socket per network namespace, Stephen Smalley
- [RFC PATCH 04/44] selinux: dynamically allocate selinux namespace, Stephen Smalley
- [RFC PATCH 03/44] selinux: support multiple selinuxfs instances, Stephen Smalley
- [RFC PATCH 06/44] selinux: support per-task/cred selinux namespace, Stephen Smalley
  - Re: [RFC PATCH 06/44] selinux: support per-task/cred selinux namespace, sergeh
    - Re: [RFC PATCH 06/44] selinux: support per-task/cred selinux namespace, Stephen Smalley
- [RFC PATCH 08/44] selinux: add a selinuxfs interface to unshare selinux namespace, Stephen Smalley
- [RFC PATCH 02/44] selinux: introduce current_selinux_state, Stephen Smalley
- [RFC PATCH 09/44] selinuxfs: restrict write operations to the same selinux namespace, Stephen Smalley
- [RFC PATCH 07/44] selinux: introduce cred_selinux_state() and use it, Stephen Smalley
- [RFC PATCH 01/44] selinux: restore passing of selinux_state, Stephen Smalley
- [RFC PATCH 14/44] selinux: introduce cred_has_extended_perms(), Stephen Smalley
- [RFC PATCH 12/44] selinux: update hook functions to use correct selinux namespace, Stephen Smalley
- [RFC PATCH 17/44] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm(), Stephen Smalley
- [RFC PATCH 15/44] selinux: introduce cred_self_has_perm(), Stephen Smalley
- [RFC PATCH 10/44] selinux: introduce a global SID table, Stephen Smalley
- [RFC PATCH 18/44] selinux: introduce task_obj_perm(), Stephen Smalley
- [RFC PATCH 13/44] selinux: introduce cred_task_has_perm(), Stephen Smalley
- [RFC PATCH 19/44] selinux: fix selinux_lsm_getattr() check, Stephen Smalley
- [RFC PATCH 20/44] selinux: update bprm hooks for selinux namespaces, Stephen Smalley
- [RFC PATCH 16/44] selinux: introduce cred_has_perm(), Stephen Smalley
- [RFC PATCH 11/44] selinux: wrap security server interfaces to use the global SID table, Stephen Smalley
- [RFC PATCH 22/44] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper, Stephen Smalley
- [RFC PATCH 21/44] selinux: add kerneldoc to new permission checking functions, Stephen Smalley
- [RFC PATCH 26/44] selinux: annotate selinuxfs permission checks, Stephen Smalley
- [RFC PATCH 24/44] selinux: convert additional checks to cred_ssid_has_perm(), Stephen Smalley
- [RFC PATCH 23/44] selinux: rename cred_has_perm*() to cred_tsid_has_perm*(), Stephen Smalley
- [RFC PATCH 27/44] selinux: annotate process transition permission checks, Stephen Smalley
- [RFC PATCH 29/44] selinux: switch selinux_lsm_setattr() checks to current namespace, Stephen Smalley
- [RFC PATCH 31/44] selinux: fix namespace creation, Stephen Smalley
- [RFC PATCH 28/44] selinux: convert xfrm and netlabel permission checks, Stephen Smalley
- [RFC PATCH 25/44] selinux: introduce selinux_state_has_perm(), Stephen Smalley
- [RFC PATCH 30/44] selinux: add limits for SELinux namespaces, Stephen Smalley
- [RFC PATCH 32/44] selinux: limit selinux netlink notifications to init namespace, Stephen Smalley
- [RFC PATCH 33/44] selinux: refactor selinux_state_create(), Stephen Smalley
- [RFC PATCH 37/44] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces, Stephen Smalley
- [RFC PATCH 36/44] selinux: set initial SID context for init to "kernel" in global SID table, Stephen Smalley
- [RFC PATCH 38/44] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware, Stephen Smalley
- [RFC PATCH 34/44] selinux: make open_perms namespace-aware, Stephen Smalley
- [RFC PATCH 35/44] selinux: split cred_ssid_has_perm() into two cases, Stephen Smalley
- [RFC PATCH 39/44] selinux: defer inode init on current selinux state, Stephen Smalley
- [RFC PATCH 41/44] selinux: allow userspace to detect non-init SELinux namespace, Stephen Smalley
- [RFC PATCH 40/44] selinux: init inode from nearest initialized namespace, Stephen Smalley
- [RFC PATCH 42/44] selinux: exempt creation of init SELinux namespace from limits, Stephen Smalley
- [RFC PATCH 43/44] selinux: introduce a Kconfig option for SELinux namespaces, Stephen Smalley
- [RFC PATCH 44/44] selinux: fix inode initialization when no namespace is initialized, Stephen Smalley
  - Re: [RFC PATCH 44/44] selinux: fix inode initialization when no namespace is initialized, Stephen Smalley
- Re: [RFC PATCH 00/44] SELinux namespace support, Stephen Smalley
  - Re: [RFC PATCH 00/44] SELinux namespace support, Paul Moore
[PATCH 2/2] python: fix typos, Christian Göttsche
- [PATCH 1/2] libsepol: fix typos, Christian Göttsche
  - Re: [PATCH 1/2] libsepol: fix typos, James Carter
    - Re: [PATCH 1/2] libsepol: fix typos, Petr Lautrbach
[PATCH] libselinux: avoid quadratic complexity for many regex specs validation, Christian Göttsche
- Re: [PATCH] libselinux: avoid quadratic complexity for many regex specs validation, James Carter
  - Re: [PATCH] libselinux: avoid quadratic complexity for many regex specs validation, Christian Göttsche
[PATCH] semanage: improve -e documentation and fix delete operation, Christian Göttsche
- Re: [PATCH] semanage: improve -e documentation and fix delete operation, Petr Lautrbach
  - Re: [PATCH] semanage: improve -e documentation and fix delete operation, Christian Göttsche
[PATCH] libselinux: update max node depth, Christian Göttsche
- Re: [PATCH] libselinux: update max node depth, James Carter
  - Re: [PATCH] libselinux: update max node depth, Christian Göttsche
[PATCH linux-next 0/2] Fix perf security check problem, Luo Gengkun
- [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check, Luo Gengkun
  - Re: [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check, Paul Moore
    - Re: [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check, Luo Gengkun
- [PATCH linux-next 2/2] perf: Return EACCESS when need perfmon capability, Luo Gengkun
  - Re: [PATCH linux-next 2/2] perf: Return EACCESS when need perfmon capability, James Clark
    - Re: [PATCH linux-next 2/2] perf: Return EACCESS when need perfmon capability, Luo Gengkun
[PATCH v2] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
- Re: [PATCH v2] selinux: match extended permissions to their base permissions, Paul Moore
[PATCH 1/2] lsm: add LSM hooks for io_uring_setup(), Hamza Mahfooz
[PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Hamza Mahfooz
- Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Jens Axboe
- Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Casey Schaufler
  - Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
selinux@xxxxxxxxxxxxxxx CDIF Comprobante 15:02, pago214
ANN: SELinux userspace 3.8-rc3 release, Petr Lautrbach
[GIT PULL] selinux/selinux-pr-20241217, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20241217, pr-tracker-bot
[PATCH 0/6] Audit: Records for multiple security contexts, Casey Schaufler
- [PATCH 3/6] LSM: security_lsmblob_to_secctx module selection, Casey Schaufler
- [PATCH 1/6] Audit: Create audit_stamp structure, Casey Schaufler
- [PATCH 2/6] Audit: Allow multiple records in an audit_buffer, Casey Schaufler
- [PATCH 6/6] Audit: Add record for multiple object contexts, Casey Schaufler
- [PATCH 4/6] Audit: Add record for multiple task security contexts, Casey Schaufler
- [PATCH 5/6] Audit: multiple subject lsm values for netlabel, Casey Schaufler
[PATCH] libselinux/fuzz: readjust load_mmap() update, Christian Göttsche
- Re: [PATCH] libselinux/fuzz: readjust load_mmap() update, Christian Göttsche
- Re: [PATCH] libselinux/fuzz: readjust load_mmap() update, James Carter
  - Re: [PATCH] libselinux/fuzz: readjust load_mmap() update, James Carter
Re: kernel-secnext aarch64 builds missing?, Paul Moore
- Re: kernel-secnext aarch64 builds missing?, Paul Moore
  - Re: kernel-secnext aarch64 builds missing?, Paul Moore
    - Re: kernel-secnext aarch64 builds missing?, Ondrej Mosnacek
      - Re: kernel-secnext aarch64 builds missing?, Paul Moore
        
        Re: kernel-secnext aarch64 builds missing?, Ondrej Mosnacek
        
        Re: kernel-secnext aarch64 builds missing?, Paul Moore
        
        Re: kernel-secnext aarch64 builds missing?, Ondrej Mosnacek
[RFC PATCH 2/3] checkpolicy: add support for wildcard netifcon names, Christian Göttsche
- [RFC PATCH 3/3] secilc/test: add test for wildcard netifcon statement, Christian Göttsche
- [RFC PATCH 1/3] libsepol: update sort order for netifcon definitions, Christian Göttsche
[RFC PATCH] selinux: support wildcard network interface names, Christian Göttsche
- Re: [RFC PATCH] selinux: support wildcard network interface names, Christian Göttsche
[syzbot] [selinux?] [mm?] [overlayfs?] INFO: rcu detected stall in sys_mkdirat (2), syzbot
[RFC PATCH v2 01/22] selinux: supply missing field initializers, Christian Göttsche
- [RFC PATCH v2 04/22] selinux: rework match_ipv6_addrmask(), Christian Göttsche
  - Re: [PATCH RFC v2 4/22] selinux: rework match_ipv6_addrmask(), Paul Moore
- [RFC PATCH v2 02/22] selinux: avoid using types indicating user space interaction, Christian Göttsche
  - Re: [PATCH RFC v2 2/22] selinux: avoid using types indicating user space interaction, Paul Moore
- [RFC PATCH v2 05/22] selinux: avoid nontransitive comparison, Christian Göttsche
  - Re: [PATCH RFC v2 5/22] selinux: avoid nontransitive comparison, Paul Moore
    - Re: [PATCH RFC v2 5/22] selinux: avoid nontransitive comparison, Christian Göttsche
      - Re: [PATCH RFC v2 5/22] selinux: avoid nontransitive comparison, Christian Göttsche
- [RFC PATCH v2 03/22] selinux: align and constify functions, Christian Göttsche
  - Re: [PATCH RFC v2 3/22] selinux: align and constify functions, Paul Moore
- [RFC PATCH v2 06/22] selinux: rename comparison functions for clarity, Christian Göttsche
  - Re: [PATCH RFC v2 6/22] selinux: rename comparison functions for clarity, Paul Moore
- [RFC PATCH v2 07/22] selinux: use known type instead of void pointer, Christian Göttsche
  - Re: [PATCH RFC v2 7/22] selinux: use known type instead of void pointer, Paul Moore
- [RFC PATCH v2 08/22] selinux: avoid unnecessary indirection in struct level_datum, Christian Göttsche
  - Re: [PATCH RFC v2 8/22] selinux: avoid unnecessary indirection in struct level_datum, Paul Moore
- [RFC PATCH v2 10/22] selinux: use u16 for security classes, Christian Göttsche
  - Re: [PATCH RFC v2 10/22] selinux: use u16 for security classes, Paul Moore
- [RFC PATCH v2 09/22] selinux: make use of str_read(), Christian Göttsche
  - Re: [PATCH RFC v2 9/22] selinux: make use of str_read(), Paul Moore
- [RFC PATCH v2 12/22] selinux: check length fields in policies, Christian Göttsche
  - Re: [PATCH RFC v2 12/22] selinux: check length fields in policies, Paul Moore
- [RFC PATCH v2 13/22] selinux: validate constraints, Christian Göttsche
- [RFC PATCH v2 11/22] selinux: more strict policy parsing, Christian Göttsche
  - Re: [PATCH RFC v2 11/22] selinux: more strict policy parsing, Paul Moore
    - Re: [PATCH RFC v2 11/22] selinux: more strict policy parsing, Christian Göttsche
- [RFC PATCH v2 14/22] selinux: pre-validate conditional expressions, Christian Göttsche
- [RFC PATCH v2 16/22] selinux: check type attr map overflows, Christian Göttsche
- [RFC PATCH v2 15/22] selinux: introduce ebitmap_highest_set_bit(), Christian Göttsche
  - Re: [PATCH RFC v2 15/22] selinux: introduce ebitmap_highest_set_bit(), Paul Moore
- [RFC PATCH v2 17/22] selinux: reorder policydb_index(), Christian Göttsche
- [RFC PATCH v2 19/22] selinux: validate symbols, Christian Göttsche
  - Re: [PATCH RFC v2 19/22] selinux: validate symbols, Paul Moore
    - Re: [PATCH RFC v2 19/22] selinux: validate symbols, Christian Göttsche
- [RFC PATCH v2 18/22] selinux: beef up isvalid checks, Christian Göttsche
- [RFC PATCH v2 21/22] selinux: check for simple types, Christian Göttsche
- [RFC PATCH v2 20/22] selinux: more strict bounds check, Christian Göttsche
- [RFC PATCH v2 00/22] selinux: harden against malformed policies, Christian Göttsche
- [RFC PATCH v2 22/22] selinux: restrict policy strings, Christian Göttsche
  - Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Stephen Smalley
    - Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Joe Nall
      - Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Christian Göttsche
        
        Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Daniel Burgener
        
        Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, James Carter
- Re: [PATCH RFC v2 1/22] selinux: supply missing field initializers, Paul Moore
[RFC PATCH v2] libselinux: restore previous regex spec ordering, Christian Göttsche
- Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, Takaya Saeki
- Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, James Carter
  - Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, James Carter
[PATCH] libsemanage: Mute error messages from selinux_restorecon, Vit Mojzis
- Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon, James Carter
  - Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon, James Carter
[PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
- Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mickaël Salaün
  - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
    - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
      - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Paul Moore
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Paul Moore
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
- Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
3.8-rc2 will become rc3, Petr Lautrbach
The curious case of pidfs and pidfds, Paul Moore
- Re: The curious case of pidfs and pidfds, Stephen Smalley
  - Re: The curious case of pidfs and pidfds, Stephen Smalley
    - Re: The curious case of pidfs and pidfds, Paul Moore
      - Re: The curious case of pidfs and pidfds, Stephen Smalley
[RFC PATCH] libselinux: restore previous regex spec ordering, Christian Göttsche
- Re: [RFC PATCH] libselinux: restore previous regex spec ordering, Petr Lautrbach
  - Re: [RFC PATCH] libselinux: restore previous regex spec ordering, Takaya Saeki
[PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile", James Carter
- [PATCH 3/9] Revert "libselinux: simplify string formatting", James Carter
- [PATCH 2/9] Revert "libselinux/utils: use correct error handling", James Carter
- [PATCH 4/9] Revert "libselinux: use vector instead of linked list for substitutions", James Carter
- [PATCH 5/9] Revert "libselinux: avoid memory allocation in common file label lookup", James Carter
- [PATCH 7/9] Revert "libselinux: support parallel selabel_lookup(3)", James Carter
- [PATCH 6/9] Revert "libselinux: move functions out of header file", James Carter
- [PATCH 8/9] Revert "libselinux: add selabel_file(5) fuzzer", James Carter
- [PATCH 9/9] Revert "libselinux: rework selabel_file(5) database", James Carter
- Re: [PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile", James Carter
[PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
- Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
  - Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
    - Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
      - Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
      - Re: [PATCH] selinux: support wildcard match in genfscon, Stephen Smalley
Incompatible file_contexts precedence in 3.8-rc1, Takaya Saeki
- Re: Incompatible file_contexts precedence in 3.8-rc1, Christian Göttsche
  - Re: Incompatible file_contexts precedence in 3.8-rc1, Takaya Saeki
    - Re: Incompatible file_contexts precedence in 3.8-rc1, James Carter
[PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup, Joey Jiao
- Re: [PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup, Paul Moore
[PATCH] libselinux/fuzz: update for lookup_all() change, Christian Göttsche
- Re: [PATCH] libselinux/fuzz: update for lookup_all() change, James Carter
  - Re: [PATCH] libselinux/fuzz: update for lookup_all() change, James Carter
[RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
- Re: [RFC] genfscon wildcard support for faster sysfs labeling, Christian Göttsche
  - Re: [RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
    - Re: [RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
[PATCH] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
- Re: [PATCH] selinux: match extended permissions to their base permissions, Paul Moore
  - Re: [PATCH] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
[PATCH v2] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
- Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Paul Moore
  - Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
    - Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Paul Moore
[PATCH v2] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Message not available
  - Re: [PATCH v2] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Re: [PATCH v2] selinux: ignore unknown extended permissions, Paul Moore
[PATCH] libsepol: add missing word separators in error message, Christian Göttsche
- Re: [PATCH] libsepol: add missing word separators in error message, James Carter
  - Re: [PATCH] libsepol: add missing word separators in error message, James Carter
[PATCH] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Re: [PATCH] selinux: ignore unknown extended permissions, Paul Moore
Systemd socket labeling issue, Daniel Burgener
- Re: Systemd socket labeling issue, Daniel Burgener
[PATCH] libselinux/utils: drop reachable assert in sefcontext_compile, Christian Göttsche
[PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, Christian Göttsche
- Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, Petr Lautrbach
  - Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, James Carter
    - Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, James Carter
Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database"), Petr Lautrbach
- Re: Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database"), Petr Lautrbach
[RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Christian Göttsche
- Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Stephen Smalley
  - Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Christian Göttsche
[PATCH] checkpolicy: drop host bits in IPv6 CIDR address, Christian Göttsche
- Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address, James Carter
  - Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address, James Carter
[PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, Christian Göttsche
- Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, James Carter
  - Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, James Carter
[PATCH] libselinux/utils: use correct error handling, Christian Göttsche
- Re: [PATCH] libselinux/utils: use correct error handling, James Carter
  - Re: [PATCH] libselinux/utils: use correct error handling, James Carter
[RFC PATCH] ioctl: add test for conditional xperms, Christian Göttsche
- Re: [RFC PATCH] ioctl: add test for conditional xperms, Stephen Smalley
  - Re: [RFC PATCH] ioctl: add test for conditional xperms, Ondrej Mosnacek
ANN: SELinux userspace 3.8-rc1 release, Petr Lautrbach
[PATCH v2] selinux: add generated av_permissions.h to targets, Thomas Weißschuh
- Re: [PATCH v2] selinux: add generated av_permissions.h to targets, Masahiro Yamada
- Re: [PATCH v2] selinux: add generated av_permissions.h to targets, Paul Moore
[PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Eric Dumazet
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Kuniyuki Iwashima
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), patchwork-bot+netdevbpf
  - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
    - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Jakub Kicinski
      - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
[syzbot] [selinux?] KASAN: slab-out-of-bounds Read in selinux_ip_output, syzbot
[PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH v3 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
- [PATCH v3 3/3] libselinux: simplify string formatting, Christian Göttsche
- Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, James Carter
  - Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, James Carter
[PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs, Thomas Weißschuh
- Re: [PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs, patchwork-bot+netdevbpf
[PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors, Christian Göttsche
- [PATCH v2 2/9] libsemanage: handle cil_set_handle_unknown() failure, Christian Göttsche
- [PATCH v2 5/9] libsemanage: check closing written files, Christian Göttsche
- [PATCH v2 3/9] libsemanage: handle shell allocation failure, Christian Göttsche
- [PATCH v2 4/9] libsemanage: drop duplicate newlines and error descriptions in error messages, Christian Göttsche
- [PATCH v2 6/9] libsemanage: simplify file deletion, Christian Göttsche
- [PATCH v2 7/9] libsemanage: optimize policy by default, Christian Göttsche
- [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, Christian Göttsche
  - Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, James Carter
    - Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, Petr Lautrbach
- [PATCH v2 8/9] libsemanage/man: add documentation for command overrides, Christian Göttsche
[PATCH v2 1/3] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
  - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, James Carter
    - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
      - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, James Carter
- [PATCH v2 3/3] libselinux: simplify string formatting, Christian Göttsche
[PATCH] selinux: use native iterator types, Christian Göttsche
- Re: [PATCH] selinux: use native iterator types, Paul Moore
  - RE: [PATCH] selinux: use native iterator types, David Laight
    - Re: [PATCH] selinux: use native iterator types, Linus Torvalds
      - Re: [PATCH] selinux: use native iterator types, Paul Moore
        
        Re: [PATCH] selinux: use native iterator types, Christian Göttsche
[PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Thomas Weißschuh
- Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Jiri Olsa
- Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Alexei Starovoitov
  - Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Thomas Weißschuh
    - Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Matt Bobrowski
[PATCH 1/2] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH 2/2] selinux: use vector instead of linked list for substitutions, Christian Göttsche
Re: [PATCH] mm/kmemleak: Fix sleeping function called from invalid context in kmemleak_seq_show, Alessandro Carminati
[PATCH 1/2] libsepol: harden availability check against user CFLAGS, Christian Göttsche
- [PATCH 2/2] libselinux: harden availability check against user CFLAGS, Christian Göttsche
- Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS, James Carter
  - Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS, James Carter
[PATCH v3 2/3] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
[PATCH v2 1/3] libselinux: make use of calloc(3), Christian Göttsche
- [PATCH v2 2/3] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
- [PATCH v2 3/3] libselinux: move functions out of header file, Christian Göttsche
- Re: [PATCH v2 1/3] libselinux: make use of calloc(3), James Carter
  - Re: [PATCH v2 1/3] libselinux: make use of calloc(3), James Carter
[PATCH] selinux: explicitly clean generated av_permissions.h, Thomas Weißschuh
- Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Masahiro Yamada
  - Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Thomas Weißschuh
  - Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Paul Moore
[PATCH 00/17] testsuite: misc fixes and virtme-ng support, Christian Göttsche
- [PATCH 03/17] tools: quote command to prevent word splitting, Christian Göttsche
- [PATCH 04/17] tests: port scripts to sh and please shellcheck, Christian Göttsche
- [PATCH 02/17] Makefile: use $(MAKE) to pass options, Christian Göttsche
- [PATCH 06/17] Makefile: add PHONY targets, Christian Göttsche
- [PATCH 08/17] tests/notify: work with CONFIG_FANOTIFY disabled, Christian Göttsche
- [PATCH 12/17] tests/filesystem: improve fsnotify check and preload loop module, Christian Göttsche
- [PATCH 07/17] test: overlayfs related tweaks, Christian Göttsche
- [PATCH 13/17] defconfig: enable CONFIG_XFRM_USER, Christian Göttsche
- [PATCH 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG, Christian Göttsche
- [PATCH 15/17] tests: test code tweaks, Christian Göttsche
- [PATCH 16/17] tests: fail on compiler warnings and enable Wextra, Christian Göttsche
- [PATCH 10/17] tests/tun_tap: skip if not supported, Christian Göttsche
- [PATCH 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled, Christian Göttsche
- [PATCH 11/17] tests/inet_socket: skip mptcp if not supported, Christian Göttsche
- [PATCH 01/17] Fix typos, Christian Göttsche
- [PATCH 17/17] tests: drop headers from Makefile dependencies, Christian Göttsche
- [PATCH 05/17] tests: enable strictness for perl scripts, Christian Göttsche
[RFC PATCH 01/22] selinux: supply missing field initializers, Christian Göttsche
- [RFC PATCH 05/22] selinux: avoid nontransitive comparison, Christian Göttsche
- [RFC PATCH 02/22] selinux: avoid using types indicating user space interaction, Christian Göttsche
- [RFC PATCH 03/22] selinux: align and constify functions, Christian Göttsche
- [RFC PATCH 04/22] selinux: rework match_ipv6_addrmask(), Christian Göttsche
- [RFC PATCH 06/22] selinux: rename comparison functions for clarity, Christian Göttsche
  - Re: [RFC PATCH 06/22] selinux: rename comparison functions for clarity, Daniel Burgener
- [RFC PATCH 07/22] selinux: use known type instead of void pointer, Christian Göttsche
  - Re: [RFC PATCH 07/22] selinux: use known type instead of void pointer, Daniel Burgener
- [RFC PATCH 08/22] selinux: avoid unnecessary indirection in struct level_datum, Christian Göttsche
- [RFC PATCH 09/22] selinux: make use of str_read(), Christian Göttsche
- [RFC PATCH 10/22] selinux: use u16 for security classes, Christian Göttsche
- [RFC PATCH 11/22] selinux: more strict policy parsing, Christian Göttsche
  - Re: [RFC PATCH 11/22] selinux: more strict policy parsing, Thiébaud Weksteen
- [RFC PATCH 12/22] selinux: check length fields in policies, Christian Göttsche
- [RFC PATCH 13/22] selinux: validate constraints, Christian Göttsche
- [RFC PATCH 14/22] selinux: pre-validate conditional expressions, Christian Göttsche
- [RFC PATCH 15/22] selinux: introduce ebitmap_highest_set_bit(), Christian Göttsche
- [RFC PATCH 16/22] selinux: check type attr map overflows, Christian Göttsche
- [RFC PATCH 17/22] selinux: reorder policydb_index(), Christian Göttsche
- [RFC PATCH 18/22] selinux: beef up isvalid checks, Christian Göttsche
- [RFC PATCH 19/22] selinux: validate symbols, Christian Göttsche
- [RFC PATCH 20/22] selinux: more strict bounds check, Christian Göttsche
- [RFC PATCH 21/22] selinux: check for simple types, Christian Göttsche
- [RFC PATCH 00/22] selinux: harden against malformed policies, Christian Göttsche
  - Re: [RFC PATCH 00/22] selinux: harden against malformed policies, Daniel Burgener
    - Re: [RFC PATCH 00/22] selinux: harden against malformed policies, Christian Göttsche
- [RFC PATCH 22/22] selinux: restrict policy strings, Christian Göttsche
  - Re: [RFC PATCH 22/22] selinux: restrict policy strings, Daniel Burgener
    - Re: [RFC PATCH 22/22] selinux: restrict policy strings, Christian Göttsche
[PATCH] fixfiles: use `grep -F` when search in mounts, Petr Lautrbach
- Re: [PATCH] fixfiles: use `grep -F` when search in mounts, James Carter
  - Re: [PATCH] fixfiles: use `grep -F` when search in mounts, James Carter
[PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building, dmitry . sharshakov
- [PATCH v1 2/2] libsemanage: allow specifying SUBDIRS when building, dmitry . sharshakov
- Re: [PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building, James Carter
[GIT PULL] selinux/selinux-pr-20241112, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20241112, pr-tracker-bot
[RFC PATCH] selinux: Fix SCTP error inconsistency in selinux_socket_bind(), Mikhail Ivanov
- Re: [PATCH RFC] selinux: Fix SCTP error inconsistency in selinux_socket_bind(), Paul Moore
Allow rule not having any effect?!, Ian Pilcher
- SOLVED: Allow rule not having any effect?!, Ian Pilcher
- Re: Allow rule not having any effect?!, Dominick Grift
How to write a policy for a "service wrapper"?, Ian Pilcher
- Re: How to write a policy for a "service wrapper"?, Dominick Grift
  - Re: How to write a policy for a "service wrapper"?, Ian Pilcher
[PATCH 01/47] libsemanage: white space cleanup, Christian Göttsche
- [PATCH 02/47] libsemanage: fix typo, Christian Göttsche
- [PATCH 05/47] libsemanage: drop dead variable, Christian Göttsche
- [PATCH 04/47] libsemanage: drop dead assignments, Christian Göttsche
- [PATCH 03/47] libsemanage: drop unused macro, Christian Göttsche
- [PATCH 06/47] libsemanage: drop unnecessary declarations, Christian Göttsche
- [PATCH 09/47] libsemanage: drop const from function declaration, Christian Göttsche
- [PATCH 08/47] libsemanage: drop duplicate include, Christian Göttsche
- [PATCH 07/47] libsemanage: drop unnecessary return statements, Christian Göttsche
- [PATCH 10/47] libsemanage: set O_CLOEXEC flag for file descriptors, Christian Göttsche
- [PATCH 11/47] libsemanage: check memory allocations, Christian Göttsche
- [PATCH 13/47] libsemanage: free resources on failed connect attempt, Christian Göttsche
- [PATCH 12/47] libsemanage: use unlink on non directory, Christian Göttsche
- [PATCH 15/47] libsemanage: avoid const dropping casts, Christian Göttsche
- [PATCH 19/47] libsemanage: avoid leak on realloc failure, Christian Göttsche
- [PATCH 17/47] libsemanage: drop casts to same type, Christian Göttsche
- [PATCH 20/47] libsemanage: use strtok_r for thread safety, Christian Göttsche
- [PATCH 14/47] libsemanage: declare file local function tables static, Christian Göttsche
- [PATCH 16/47] libsemanage: cast to unsigned char for character checking functions, Christian Göttsche
- [PATCH 18/47] libsemanage: fix asprintf error branch, Christian Göttsche
- [PATCH 21/47] libsemanage: handle cil_set_handle_unknown() failure, Christian Göttsche
- [PATCH 24/47] libsemanage: check for path formatting failures, Christian Göttsche
- [PATCH 25/47] libsemanage: introduce write_full wrapper, Christian Göttsche
- [PATCH 22/47] libsemanage: free ibdev names in semanage_ibendport_validate_local(), Christian Göttsche
- [PATCH 23/47] libsemanage: simplify malloc plus strcpy via strndup, Christian Göttsche
- [PATCH 31/47] libsemanage: adjust sizes to avoid implicit truncations, Christian Göttsche
- [PATCH 26/47] libsemanage: more strict value parsing, Christian Göttsche
- [PATCH 30/47] libsemanage: avoid misc function pointer casts, Christian Göttsche
- [PATCH 29/47] libsemanage: constify read only parameters and variables, Christian Göttsche
- [PATCH 37/47] libsemanage: preserve errno during internal logging, Christian Göttsche
- [PATCH 33/47] libsemanage: use size_t for hash input sizes, Christian Göttsche
- [PATCH 28/47] libsemanage: simplify loop exit, Christian Göttsche
- [PATCH 36/47] libsemanage: drop dead code, Christian Göttsche
- [PATCH 27/47] libsemanage: constify function pointer structures, Christian Göttsche
- [PATCH 38/47] libsemanage: avoid strerror(3), Christian Göttsche
- [PATCH 32/47] libsemanage: use asprintf(3) to simplify code, Christian Göttsche
- [PATCH 35/47] libsemanage: handle shell allocation failure, Christian Göttsche
- [PATCH 34/47] libsemanage: drop macros used once, Christian Göttsche
- [PATCH 41/47] libsemanage: check closing written files, Christian Göttsche
- [PATCH 42/47] libsemanage: simplify file deletion, Christian Göttsche
- [PATCH 44/47] libsemanage/man: add documentation for command overrides, Christian Göttsche
- [PATCH 45/47] libsemanage: skip sort of empty arrays, Christian Göttsche
- [PATCH 46/47] libsemanage: respect shell paths with /usr prefix, Christian Göttsche
- [PATCH 43/47] libsemanage: optimize policy by default, Christian Göttsche
- [PATCH 40/47] libsemanage: drop duplicate newlines and error descriptions in error messages, Christian Göttsche
- [PATCH 47/47] libsemanage/tests: misc cleanup, Christian Göttsche
- [PATCH 39/47] libsemanage: avoid writing directly to stderr, Christian Göttsche
- Re: [PATCH 01/47] libsemanage: white space cleanup, James Carter
  - Re: [PATCH 01/47] libsemanage: white space cleanup, James Carter
[PATCH v5 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v5 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
- [PATCH v5 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- Re: [PATCH v5 1/6] libsepol: misc assertion cleanup, James Carter
  - Re: [PATCH v5 1/6] libsepol: misc assertion cleanup, James Carter
[PATCH] libsemanage: open lock_file with O_RDWR, Petr Lautrbach
- Re: [PATCH] libsemanage: open lock_file with O_RDWR, James Carter
  - Re: [PATCH] libsemanage: open lock_file with O_RDWR, James Carter
[PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Ondrej Mosnacek
- Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Eric Dumazet
  - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Ondrej Mosnacek
    - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Eric Dumazet
      - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
    - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
- Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
[PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls, Ondrej Mosnacek
- Re: [PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls, Ondrej Mosnacek
RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
- Re: RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
  - Re: RFC: Adding a dyntrans in systemd pid1's forking, Kenton Groombridge
    - Re: RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
[PATCH] checkpolicy: avoid leak of identifier on required attribute, Christian Göttsche
- Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute, James Carter
  - Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute, James Carter
[PATCH] checkpolicy: avoid memory leaks on redeclarations, Christian Göttsche
- Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations, James Carter
  - Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations, James Carter
[PATCH 1/2] libselinux: make use of calloc(3), Christian Göttsche
- [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
  - Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), James Carter
    - Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
[PATCH v3 0/9] libselinux: rework selabel_file(5) database, Christian Göttsche
- [PATCH v3 3/9] libselinux: use more appropriate types in sidtab, Christian Göttsche
- [PATCH v3 2/9] libselinux/utils: introduce selabel_compare, Christian Göttsche
- [PATCH v3 4/9] libselinux: add unique id to sidtab entries, Christian Göttsche
- [PATCH v3 5/9] libselinux: sidtab updates, Christian Göttsche
- [PATCH v3 7/9] libselinux: remove unused hashtab code, Christian Göttsche
- [PATCH v3 9/9] libselinux: support parallel selabel_lookup(3), Christian Göttsche
- [PATCH v3 1/9] policycoreutils: introduce unsetfiles, Christian Göttsche
  - Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles, James Carter
    - Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles, James Carter
- [PATCH v3 8/9] libselinux: add selabel_file(5) fuzzer, Christian Göttsche
- [PATCH v3 6/9] libselinux: rework selabel_file(5) database, Christian Göttsche
[PATCH v4 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v4 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- [PATCH v4 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v4 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v4 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v4 2/6] libsepol: add support for xperms in conditional policies, James Carter
- [PATCH v4 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
[PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
- [PATCH 3/3] libsepol: Remove special handling of roles in module_to_cil.c, James Carter
- [PATCH 2/3] libsemanage: Optionally allow duplicate declarations, James Carter
- Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
  - Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
[syzbot] [selinux?] INFO: rcu detected stall in rw_verify_area (3), syzbot
[PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Dan Carpenter
- Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Casey Schaufler
- Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Paul Moore
Setrans ambiguous translations, Sloane, Brandon
[PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), Vit Mojzis
- Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), James Carter
  - Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), James Carter
[PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, Vit Mojzis
- [PATCH 2/2] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con", Vit Mojzis
- Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, James Carter
  - Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, James Carter
[PATCH v3 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v3 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v3 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
- [PATCH v3 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- [PATCH v3 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, James Carter
    - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
      - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, James Carter
[PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier), Paul Moore
- [PATCH 2/3] check-syntax: ignore "bad" astyle versions, Paul Moore
- [PATCH 3/3] all: coding style fixes, Paul Moore
- Re: [PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier), Ondrej Mosnacek
[PATCH v2 1/4] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v2 4/4] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v2 3/4] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v2 2/4] libsepol: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v2 2/4] libsepol: add support for xperms in conditional policies, Christian Göttsche
[PATCH 0/2] restorecond: GLib IO channel fixes, Fabian Vogt
- [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, Fabian Vogt
  - Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, James Carter
    - Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, James Carter
- [PATCH 2/2] restorecond: Set GLib IO channels to nonblocking, Fabian Vogt
[PATCH v3 0/5] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Fedora Desktop] [Kernel] [KDE Users] [Gnome Users]