Security Enhanced Linux (SELINUX)
[Prev Page][Next Page]
- ANN: SELinux userspace 3.8-rc1 release, Petr Lautrbach
- [PATCH v2] selinux: add generated av_permissions.h to targets,
Thomas Weißschuh
- [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(),
Eric Dumazet
- [syzbot] [selinux?] KASAN: slab-out-of-bounds Read in selinux_ip_output, syzbot
- [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup,
Christian Göttsche
- [PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs,
Thomas Weißschuh
- [PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors,
Christian Göttsche
- [PATCH v2 1/3] libselinux: avoid memory allocation in common file label lookup,
Christian Göttsche
- [PATCH] selinux: use native iterator types, Christian Göttsche
- [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs,
Thomas Weißschuh
- [PATCH 1/2] libselinux: avoid memory allocation in common file label lookup,
Christian Göttsche
- Re: [PATCH] mm/kmemleak: Fix sleeping function called from invalid context in kmemleak_seq_show, Alessandro Carminati
- [PATCH 1/2] libsepol: harden availability check against user CFLAGS,
Christian Göttsche
- [PATCH v3 2/3] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
- [PATCH v2 1/3] libselinux: make use of calloc(3),
Christian Göttsche
- [PATCH] selinux: explicitly clean generated av_permissions.h,
Thomas Weißschuh
- [PATCH 00/17] testsuite: misc fixes and virtme-ng support,
Christian Göttsche
- [PATCH 03/17] tools: quote command to prevent word splitting, Christian Göttsche
- [PATCH 04/17] tests: port scripts to sh and please shellcheck, Christian Göttsche
- [PATCH 02/17] Makefile: use $(MAKE) to pass options, Christian Göttsche
- [PATCH 06/17] Makefile: add PHONY targets, Christian Göttsche
- [PATCH 08/17] tests/notify: work with CONFIG_FANOTIFY disabled, Christian Göttsche
- [PATCH 12/17] tests/filesystem: improve fsnotify check and preload loop module, Christian Göttsche
- [PATCH 07/17] test: overlayfs related tweaks, Christian Göttsche
- [PATCH 13/17] defconfig: enable CONFIG_XFRM_USER, Christian Göttsche
- [PATCH 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG, Christian Göttsche
- [PATCH 15/17] tests: test code tweaks, Christian Göttsche
- [PATCH 16/17] tests: fail on compiler warnings and enable Wextra, Christian Göttsche
- [PATCH 10/17] tests/tun_tap: skip if not supported, Christian Göttsche
- [PATCH 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled, Christian Göttsche
- [PATCH 11/17] tests/inet_socket: skip mptcp if not supported, Christian Göttsche
- [PATCH 01/17] Fix typos, Christian Göttsche
- [PATCH 17/17] tests: drop headers from Makefile dependencies, Christian Göttsche
- [PATCH 05/17] tests: enable strictness for perl scripts, Christian Göttsche
- [RFC PATCH 01/22] selinux: supply missing field initializers,
Christian Göttsche
- [RFC PATCH 05/22] selinux: avoid nontransitive comparison, Christian Göttsche
- [RFC PATCH 02/22] selinux: avoid using types indicating user space interaction, Christian Göttsche
- [RFC PATCH 03/22] selinux: align and constify functions, Christian Göttsche
- [RFC PATCH 04/22] selinux: rework match_ipv6_addrmask(), Christian Göttsche
- [RFC PATCH 06/22] selinux: rename comparison functions for clarity, Christian Göttsche
- [RFC PATCH 07/22] selinux: use known type instead of void pointer, Christian Göttsche
- [RFC PATCH 08/22] selinux: avoid unnecessary indirection in struct level_datum, Christian Göttsche
- [RFC PATCH 09/22] selinux: make use of str_read(), Christian Göttsche
- [RFC PATCH 10/22] selinux: use u16 for security classes, Christian Göttsche
- [RFC PATCH 11/22] selinux: more strict policy parsing, Christian Göttsche
- [RFC PATCH 12/22] selinux: check length fields in policies, Christian Göttsche
- [RFC PATCH 13/22] selinux: validate constraints, Christian Göttsche
- [RFC PATCH 14/22] selinux: pre-validate conditional expressions, Christian Göttsche
- [RFC PATCH 15/22] selinux: introduce ebitmap_highest_set_bit(), Christian Göttsche
- [RFC PATCH 16/22] selinux: check type attr map overflows, Christian Göttsche
- [RFC PATCH 17/22] selinux: reorder policydb_index(), Christian Göttsche
- [RFC PATCH 18/22] selinux: beef up isvalid checks, Christian Göttsche
- [RFC PATCH 19/22] selinux: validate symbols, Christian Göttsche
- [RFC PATCH 20/22] selinux: more strict bounds check, Christian Göttsche
- [RFC PATCH 21/22] selinux: check for simple types, Christian Göttsche
- [RFC PATCH 00/22] selinux: harden against malformed policies, Christian Göttsche
- [RFC PATCH 22/22] selinux: restrict policy strings, Christian Göttsche
- [PATCH] fixfiles: use `grep -F` when search in mounts,
Petr Lautrbach
- [PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building,
dmitry . sharshakov
- [GIT PULL] selinux/selinux-pr-20241112,
Paul Moore
- [RFC PATCH] selinux: Fix SCTP error inconsistency in selinux_socket_bind(), Mikhail Ivanov
- Allow rule not having any effect?!,
Ian Pilcher
- How to write a policy for a "service wrapper"?,
Ian Pilcher
- [PATCH 01/47] libsemanage: white space cleanup,
Christian Göttsche
- [PATCH 02/47] libsemanage: fix typo, Christian Göttsche
- [PATCH 05/47] libsemanage: drop dead variable, Christian Göttsche
- [PATCH 04/47] libsemanage: drop dead assignments, Christian Göttsche
- [PATCH 03/47] libsemanage: drop unused macro, Christian Göttsche
- [PATCH 06/47] libsemanage: drop unnecessary declarations, Christian Göttsche
- [PATCH 09/47] libsemanage: drop const from function declaration, Christian Göttsche
- [PATCH 08/47] libsemanage: drop duplicate include, Christian Göttsche
- [PATCH 07/47] libsemanage: drop unnecessary return statements, Christian Göttsche
- [PATCH 10/47] libsemanage: set O_CLOEXEC flag for file descriptors, Christian Göttsche
- [PATCH 11/47] libsemanage: check memory allocations, Christian Göttsche
- [PATCH 13/47] libsemanage: free resources on failed connect attempt, Christian Göttsche
- [PATCH 12/47] libsemanage: use unlink on non directory, Christian Göttsche
- [PATCH 15/47] libsemanage: avoid const dropping casts, Christian Göttsche
- [PATCH 19/47] libsemanage: avoid leak on realloc failure, Christian Göttsche
- [PATCH 17/47] libsemanage: drop casts to same type, Christian Göttsche
- [PATCH 20/47] libsemanage: use strtok_r for thread safety, Christian Göttsche
- [PATCH 14/47] libsemanage: declare file local function tables static, Christian Göttsche
- [PATCH 16/47] libsemanage: cast to unsigned char for character checking functions, Christian Göttsche
- [PATCH 18/47] libsemanage: fix asprintf error branch, Christian Göttsche
- [PATCH 21/47] libsemanage: handle cil_set_handle_unknown() failure, Christian Göttsche
- [PATCH 24/47] libsemanage: check for path formatting failures, Christian Göttsche
- [PATCH 25/47] libsemanage: introduce write_full wrapper, Christian Göttsche
- [PATCH 22/47] libsemanage: free ibdev names in semanage_ibendport_validate_local(), Christian Göttsche
- [PATCH 23/47] libsemanage: simplify malloc plus strcpy via strndup, Christian Göttsche
- [PATCH 31/47] libsemanage: adjust sizes to avoid implicit truncations, Christian Göttsche
- [PATCH 26/47] libsemanage: more strict value parsing, Christian Göttsche
- [PATCH 30/47] libsemanage: avoid misc function pointer casts, Christian Göttsche
- [PATCH 29/47] libsemanage: constify read only parameters and variables, Christian Göttsche
- [PATCH 37/47] libsemanage: preserve errno during internal logging, Christian Göttsche
- [PATCH 33/47] libsemanage: use size_t for hash input sizes, Christian Göttsche
- [PATCH 28/47] libsemanage: simplify loop exit, Christian Göttsche
- [PATCH 36/47] libsemanage: drop dead code, Christian Göttsche
- [PATCH 27/47] libsemanage: constify function pointer structures, Christian Göttsche
- [PATCH 38/47] libsemanage: avoid strerror(3), Christian Göttsche
- [PATCH 32/47] libsemanage: use asprintf(3) to simplify code, Christian Göttsche
- [PATCH 35/47] libsemanage: handle shell allocation failure, Christian Göttsche
- [PATCH 34/47] libsemanage: drop macros used once, Christian Göttsche
- [PATCH 41/47] libsemanage: check closing written files, Christian Göttsche
- [PATCH 42/47] libsemanage: simplify file deletion, Christian Göttsche
- [PATCH 44/47] libsemanage/man: add documentation for command overrides, Christian Göttsche
- [PATCH 45/47] libsemanage: skip sort of empty arrays, Christian Göttsche
- [PATCH 46/47] libsemanage: respect shell paths with /usr prefix, Christian Göttsche
- [PATCH 43/47] libsemanage: optimize policy by default, Christian Göttsche
- [PATCH 40/47] libsemanage: drop duplicate newlines and error descriptions in error messages, Christian Göttsche
- [PATCH 47/47] libsemanage/tests: misc cleanup, Christian Göttsche
- [PATCH 39/47] libsemanage: avoid writing directly to stderr, Christian Göttsche
- Re: [PATCH 01/47] libsemanage: white space cleanup, James Carter
- [PATCH v5 1/6] libsepol: misc assertion cleanup,
Christian Göttsche
- [PATCH] libsemanage: open lock_file with O_RDWR,
Petr Lautrbach
- [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free,
Ondrej Mosnacek
- [PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls,
Ondrej Mosnacek
- RFC: Adding a dyntrans in systemd pid1's forking,
Chris PeBenito
- [PATCH] checkpolicy: avoid leak of identifier on required attribute,
Christian Göttsche
- [PATCH] checkpolicy: avoid memory leaks on redeclarations,
Christian Göttsche
- [PATCH 1/2] libselinux: make use of calloc(3),
Christian Göttsche
- [PATCH v3 0/9] libselinux: rework selabel_file(5) database,
Christian Göttsche
- [PATCH v4 1/6] libsepol: misc assertion cleanup,
Christian Göttsche
- [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations,
James Carter
- [syzbot] [selinux?] INFO: rcu detected stall in rw_verify_area (3), syzbot
- [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(),
Dan Carpenter
- Setrans ambiguous translations, Sloane, Brandon
- [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(),
Vit Mojzis
- [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check,
Vit Mojzis
- [PATCH v3 1/6] libsepol: misc assertion cleanup,
Christian Göttsche
- [PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier),
Paul Moore
- [PATCH v2 1/4] libsepol: misc assertion cleanup,
Christian Göttsche
- [PATCH 0/2] restorecond: GLib IO channel fixes,
Fabian Vogt
- [PATCH v3 0/5] LSM: Replace secctx/len pairs with lsm_context,
Casey Schaufler
- [PATCH 1/3] libsepol: add support for xperms in conditional policies,
Christian Göttsche
- [PATCH] selinux: add support for xperms in conditional policies, Christian Göttsche
- [PATCH] selinux: add netlink nlmsg_type audit message,
Thiébaud Weksteen
- testsuite astyle options no longer supported,
Stephen Smalley
- [PATCH 1/4] libsepol/cil: Initialize avtab_datum on declaration,
Vit Mojzis
- [PATCH] libsepol: Support nlmsg xperms in assertions,
Thiébaud Weksteen
- [PATCH] checkpolicy/fuzz: fix setjmp condition,
Christian Göttsche
- [PATCH 1/4] libselinux: avoid errno modification by fclose(3),
Christian Göttsche
- selinux_set_callback for policy load not triggering,
Matthew Sheets
- [PATCH 1/2] libselinux: fix swig bindings for 4.3.0,
Petr Lautrbach
- [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context,
Casey Schaufler
- [PATCH v4 00/13] LSM: Move away from secids,
Casey Schaufler
- [PATCH v4 04/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
- [PATCH v4 06/13] Audit: Update shutdown LSM data, Casey Schaufler
- [PATCH v4 07/13] LSM: Use lsm_prop in security_current_getsecid, Casey Schaufler
- [PATCH v4 08/13] LSM: Use lsm_prop in security_inode_getsecid, Casey Schaufler
- [PATCH v4 09/13] Audit: use an lsm_prop in audit_names, Casey Schaufler
- [PATCH v4 11/13] Audit: Change context data from secid to lsm_prop, Casey Schaufler
- [PATCH v4 10/13] LSM: Create new security_cred_getlsmprop LSM hook, Casey Schaufler
- [PATCH v4 12/13] Use lsm_prop for audit data, Casey Schaufler
- [PATCH v4 13/13] LSM: Remove lsm_prop scaffolding, Casey Schaufler
- [PATCH v4 03/13] LSM: Add lsmprop_to_secctx hook, Casey Schaufler
- [PATCH v4 01/13] LSM: Add the lsm_prop data structure., Casey Schaufler
- [PATCH v4 02/13] LSM: Use lsm_prop in security_audit_rule_match, Casey Schaufler
- [PATCH v4 05/13] LSM: Use lsm_prop in security_ipc_getsecid, Casey Schaufler
- [PATCH v9 0/7] Improve the copy of task comm,
Yafang Shao
- [PATCH v2] selinux: Deprecate /sys/fs/selinux/user,
Stephen Smalley
- [PATCH] libselinux: formally deprecate security_compute_user(),
Stephen Smalley
- [PATCH] selinux: Deprecate /sys/fs/selinux/user,
Stephen Smalley
- [PATCH v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook, Shivani Agarwal
- [PATCH v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook, Shivani Agarwal
- [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(),
Paul Moore
- [PATCH] selinux,smack: properly reference the LSM blob in security_watch_key(),
Paul Moore
- [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages(),
Paul Moore
- [PATCH 0/5] LSM: Replace secctx/len pairs with lsm_context,
Casey Schaufler
- ANN: Reference Policy 2.20240916, Chris PeBenito
- [GIT PULL] selinux/selinux-pr-20240911,
Paul Moore
- [PATCH v3] selinux: Add netlink xperm support,
Thiébaud Weksteen
- [PATCH v3 00/13] LSM: Move away from secids,
Casey Schaufler
- [PATCH v3 04/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
- [PATCH v3 08/13] LSM: Use lsm_prop in security_inode_getsecid, Casey Schaufler
- [PATCH v3 09/13] Audit: use an lsm_prop in audit_names, Casey Schaufler
- [PATCH v3 10/13] LSM: Create new security_cred_getlsmprop LSM hook, Casey Schaufler
- [PATCH v3 11/13] Audit: Change context data from secid to lsm_prop, Casey Schaufler
- [PATCH v3 12/13] Use lsm_prop for audit data, Casey Schaufler
- [PATCH v3 13/13] LSM: Remove lsm_prop scaffolding, Casey Schaufler
- [PATCH v3 01/13] LSM: Add the lsm_prop data structure., Casey Schaufler
- [PATCH v3 03/13] LSM: Add lsmprop_to_secctx hook, Casey Schaufler
- [PATCH v3 02/13] LSM: Use lsm_prop in security_audit_rule_match, Casey Schaufler
- [PATCH v3 06/13] Audit: Update shutdown LSM data, Casey Schaufler
- [PATCH v3 07/13] LSM: Use lsm_prop in security_current_getsecid, Casey Schaufler
- [PATCH v3 05/13] LSM: Use lsm_prop in security_ipc_getsecid, Casey Schaufler
- [PATCH v2] selinux: Add netlink xperm support,
Thiébaud Weksteen
- [PATCH testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory,
Ondrej Mosnacek
- [PATCH v2 1/2] selinux: do not include <linux/*.h> headers from host programs,
Masahiro Yamada
- linux-next commit 0855feef5235 ("fsnotify: introduce pre-content permission event"),
Paul Moore
- [PATCH v2 0/8] Enable build system on macOS hosts,
Daniel Gomez via B4 Relay
- selinux-testsuite / NFS symlink issue,
Ondrej Mosnacek
- [PATCH] selinux: fix style problems in security/selinux/include/audit.h,
Paul Moore
- [PATCH v2 00/13] LSM: Move away from secids,
Casey Schaufler
- [PATCH v2 03/13] LSM: Add lsmblob_to_secctx hook, Casey Schaufler
- [PATCH v2 04/13] Audit: maintain an lsmblob in audit_context, Casey Schaufler
- [PATCH v2 08/13] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
- [PATCH v2 07/13] LSM: Use lsmblob in security_current_getsecid, Casey Schaufler
- [PATCH v2 09/13] Audit: use an lsmblob in audit_names, Casey Schaufler
- [PATCH v2 10/13] LSM: Create new security_cred_getlsmblob LSM hook, Casey Schaufler
- [PATCH v2 12/13] Netlabel: Use lsmblob for audit data, Casey Schaufler
- [PATCH v2 13/13] LSM: Remove lsmblob scaffolding, Casey Schaufler
- [PATCH v2 01/13] LSM: Add the lsmblob data structure., Casey Schaufler
- [PATCH v2 02/13] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
- [PATCH v2 05/13] LSM: Use lsmblob in security_ipc_getsecid, Casey Schaufler
- [PATCH v2 06/13] Audit: Update shutdown LSM data, Casey Schaufler
- [PATCH v2 11/13] Audit: Change context data from secid to lsmblob, Casey Schaufler
- [PATCH testsuite v2] tests/extended_socket_class: test SMC sockets,
Stephen Smalley
- [PATCH testsuite] policy,tests: add tests for netlink xperms,
Stephen Smalley
- [PATCH 0/1] selinux,smack: don't bypass permissions check in inode_setsecctx hook,
Scott Mayhew
- [PATCH v3] checkpolicy: Fix MLS users in optional blocks,
James Carter
- [PATCH RESEND] selinux: mark all newly created Internet domain sockets as labeled sockets,
Guido Trentalancia
- [PATCH v8 0/8] Improve the copy of task comm,
Yafang Shao
- [PATCH v8 1/8] Get rid of __get_task_comm(), Yafang Shao
- [PATCH v8 2/8] auditsc: Replace memcpy() with strscpy(), Yafang Shao
- [PATCH v8 3/8] security: Replace memcpy() with get_task_comm(), Yafang Shao
- [PATCH v8 4/8] bpftool: Ensure task comm is always NUL-terminated, Yafang Shao
- [PATCH v8 5/8] mm/util: Fix possible race condition in kstrdup(), Yafang Shao
- [PATCH v8 6/8] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}, Yafang Shao
- [PATCH v8 7/8] net: Replace strcpy() with strscpy(), Yafang Shao
- [PATCH v8 8/8] drm: Replace strcpy() with strscpy(), Yafang Shao
- Re: [PATCH bpf-next 7/8] security,bpf: constify struct path in bpf_token_create() LSM hook,
Paul Moore
- [PATCH] selinux: replace kmem_cache_create() with KMEM_CACHE(),
ericsu
- [PATCH testsuite] tests/key_socket: skip the test if CONFIG_NET_KEY is not enabled,
Ondrej Mosnacek
- [PATCH net] sctp: fix association labeling in the duplicate COOKIE-ECHO case,
Ondrej Mosnacek
- [PATCH] selinux: annotate false positive data race to avoid KCSAN warnings,
Stephen Smalley
- [PATCH] selinux: mark all newly created Internet domain sockets as labeled sockets,
Guido Trentalancia
- [PATCH] libselinux: rename hashtab functions,
Thiébaud Weksteen
- [syzbot] [selinux?] KCSAN: data-race in inode_doinit_with_dentry / selinux_file_open, syzbot
- [PATCH 1/1] selinux: simplify avc_xperms_audit_required(),
Zhen Lei
- [PATCH 1/3] libsepol: Rename ioctl xperms structures and functions,
Thiébaud Weksteen
- [PATCH v3 1/2] fs: Fix file_set_fowner LSM hook inconsistencies,
Mickaël Salaün
- [PATCH] selinux: Add netlink xperm support,
Thiébaud Weksteen
- [PATCH] sepolgen-ifgen: allow M4 escaped filenames,
Petr Lautrbach
- [PATCH v7 0/8] Improve the copy of task comm,
Yafang Shao
- [PATCH v7 1/8] Get rid of __get_task_comm(), Yafang Shao
- [PATCH v7 2/8] auditsc: Replace memcpy() with strscpy(), Yafang Shao
- [PATCH v7 3/8] security: Replace memcpy() with get_task_comm(), Yafang Shao
- [PATCH v7 4/8] bpftool: Ensure task comm is always NUL-terminated, Yafang Shao
- [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup(), Yafang Shao
- [PATCH v7 6/8] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}, Yafang Shao
- [PATCH v7 7/8] net: Replace strcpy() with strscpy(), Yafang Shao
- [PATCH v7 8/8] drm: Replace strcpy() with strscpy(), Yafang Shao
- Re: [PATCH v7 0/8] Improve the copy of task comm, Yafang Shao
- [PATCH testsuite] tests/extended_socket_class: test SMC sockets,
Stephen Smalley
- selinux: support IPPROTO_SMC in socket_type_to_security_class(),
Jeongjun Park
- [GIT PULL] selinux/selinux-pr-20240814,
Paul Moore
- kernel NULL pointer dereference in selinux_cred,
Jaihind Yadav (QUIC)
- [PATCH] selinux: fix Null pointer deference at sidtab_convert_hashtable(),
Samasth Norway Ananda
- [no subject], Unknown
- [PATCH] checkpolicy: Fix MLS users in optional blocks,
James Carter
- [PATCH v2] fs,security: Fix file_set_fowner LSM hook inconsistencies,
Mickaël Salaün
[Index of Archives]
[Selinux Refpolicy]
[Fedora Users]
[Fedora Desktop]
[Kernel]
[KDE Users]
[Gnome Users]