Security Enhanced Linux (SELINUX)

Date Index

[Prev Page][Next Page]

[PATCH userspace 0/4] ci: fix and migrate the testsuite part to Testing Farm, Ondrej Mosnacek
- [PATCH userspace 2/4] ci: update Python versions, Ondrej Mosnacek
- [PATCH userspace 1/4] ci: use Testing Farm for running the testsuite, Ondrej Mosnacek
- [PATCH userspace 3/4] ci: add missing libbz2-dev dependency, Ondrej Mosnacek
- [PATCH userspace 4/4] ci: fix pypy conditional, Ondrej Mosnacek
[no subject], Unknown
[RFC PATCH 00/44] SELinux namespace support, Stephen Smalley
- [RFC PATCH 05/44] netstate,selinux: create the selinux netlink socket per network namespace, Stephen Smalley
- [RFC PATCH 04/44] selinux: dynamically allocate selinux namespace, Stephen Smalley
- [RFC PATCH 03/44] selinux: support multiple selinuxfs instances, Stephen Smalley
- [RFC PATCH 06/44] selinux: support per-task/cred selinux namespace, Stephen Smalley
- [RFC PATCH 08/44] selinux: add a selinuxfs interface to unshare selinux namespace, Stephen Smalley
- [RFC PATCH 02/44] selinux: introduce current_selinux_state, Stephen Smalley
- [RFC PATCH 09/44] selinuxfs: restrict write operations to the same selinux namespace, Stephen Smalley
- [RFC PATCH 07/44] selinux: introduce cred_selinux_state() and use it, Stephen Smalley
- [RFC PATCH 01/44] selinux: restore passing of selinux_state, Stephen Smalley
- [RFC PATCH 14/44] selinux: introduce cred_has_extended_perms(), Stephen Smalley
- [RFC PATCH 12/44] selinux: update hook functions to use correct selinux namespace, Stephen Smalley
- [RFC PATCH 17/44] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm(), Stephen Smalley
- [RFC PATCH 15/44] selinux: introduce cred_self_has_perm(), Stephen Smalley
- [RFC PATCH 10/44] selinux: introduce a global SID table, Stephen Smalley
- [RFC PATCH 18/44] selinux: introduce task_obj_perm(), Stephen Smalley
- [RFC PATCH 13/44] selinux: introduce cred_task_has_perm(), Stephen Smalley
- [RFC PATCH 19/44] selinux: fix selinux_lsm_getattr() check, Stephen Smalley
- [RFC PATCH 20/44] selinux: update bprm hooks for selinux namespaces, Stephen Smalley
- [RFC PATCH 16/44] selinux: introduce cred_has_perm(), Stephen Smalley
- [RFC PATCH 11/44] selinux: wrap security server interfaces to use the global SID table, Stephen Smalley
- [RFC PATCH 22/44] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper, Stephen Smalley
- [RFC PATCH 21/44] selinux: add kerneldoc to new permission checking functions, Stephen Smalley
- [RFC PATCH 26/44] selinux: annotate selinuxfs permission checks, Stephen Smalley
- [RFC PATCH 24/44] selinux: convert additional checks to cred_ssid_has_perm(), Stephen Smalley
- [RFC PATCH 23/44] selinux: rename cred_has_perm*() to cred_tsid_has_perm*(), Stephen Smalley
- [RFC PATCH 27/44] selinux: annotate process transition permission checks, Stephen Smalley
- [RFC PATCH 29/44] selinux: switch selinux_lsm_setattr() checks to current namespace, Stephen Smalley
- [RFC PATCH 31/44] selinux: fix namespace creation, Stephen Smalley
- [RFC PATCH 28/44] selinux: convert xfrm and netlabel permission checks, Stephen Smalley
- [RFC PATCH 25/44] selinux: introduce selinux_state_has_perm(), Stephen Smalley
- [RFC PATCH 30/44] selinux: add limits for SELinux namespaces, Stephen Smalley
- [RFC PATCH 32/44] selinux: limit selinux netlink notifications to init namespace, Stephen Smalley
- [RFC PATCH 33/44] selinux: refactor selinux_state_create(), Stephen Smalley
- [RFC PATCH 37/44] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces, Stephen Smalley
- [RFC PATCH 36/44] selinux: set initial SID context for init to "kernel" in global SID table, Stephen Smalley
- [RFC PATCH 38/44] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware, Stephen Smalley
- [RFC PATCH 34/44] selinux: make open_perms namespace-aware, Stephen Smalley
- [RFC PATCH 35/44] selinux: split cred_ssid_has_perm() into two cases, Stephen Smalley
- [RFC PATCH 39/44] selinux: defer inode init on current selinux state, Stephen Smalley
- [RFC PATCH 41/44] selinux: allow userspace to detect non-init SELinux namespace, Stephen Smalley
- [RFC PATCH 40/44] selinux: init inode from nearest initialized namespace, Stephen Smalley
- [RFC PATCH 42/44] selinux: exempt creation of init SELinux namespace from limits, Stephen Smalley
- [RFC PATCH 43/44] selinux: introduce a Kconfig option for SELinux namespaces, Stephen Smalley
- [RFC PATCH 44/44] selinux: fix inode initialization when no namespace is initialized, Stephen Smalley
[PATCH 2/2] python: fix typos, Christian Göttsche
- [PATCH 1/2] libsepol: fix typos, Christian Göttsche
[PATCH] libselinux: avoid quadratic complexity for many regex specs validation, Christian Göttsche
[PATCH] semanage: improve -e documentation and fix delete operation, Christian Göttsche
[PATCH] libselinux: update max node depth, Christian Göttsche
[PATCH linux-next 0/2] Fix perf security check problem, Luo Gengkun
- [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check, Luo Gengkun
  - Re: [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check, Paul Moore
- [PATCH linux-next 2/2] perf: Return EACCESS when need perfmon capability, Luo Gengkun
[PATCH v2] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
- Re: [PATCH v2] selinux: match extended permissions to their base permissions, Paul Moore
[PATCH 1/2] lsm: add LSM hooks for io_uring_setup(), Hamza Mahfooz
[PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Hamza Mahfooz
- Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Jens Axboe
- Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Casey Schaufler
  - Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup(), Paul Moore
selinux@xxxxxxxxxxxxxxx CDIF Comprobante 15:02, pago214
ANN: SELinux userspace 3.8-rc3 release, Petr Lautrbach
[GIT PULL] selinux/selinux-pr-20241217, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20241217, pr-tracker-bot
[PATCH 0/6] Audit: Records for multiple security contexts, Casey Schaufler
- [PATCH 3/6] LSM: security_lsmblob_to_secctx module selection, Casey Schaufler
- [PATCH 1/6] Audit: Create audit_stamp structure, Casey Schaufler
- [PATCH 2/6] Audit: Allow multiple records in an audit_buffer, Casey Schaufler
- [PATCH 6/6] Audit: Add record for multiple object contexts, Casey Schaufler
- [PATCH 4/6] Audit: Add record for multiple task security contexts, Casey Schaufler
- [PATCH 5/6] Audit: multiple subject lsm values for netlabel, Casey Schaufler
[PATCH] libselinux/fuzz: readjust load_mmap() update, Christian Göttsche
- Re: [PATCH] libselinux/fuzz: readjust load_mmap() update, Christian Göttsche
Re: kernel-secnext aarch64 builds missing?, Paul Moore
- Re: kernel-secnext aarch64 builds missing?, Paul Moore
  - Re: kernel-secnext aarch64 builds missing?, Paul Moore
    - Re: kernel-secnext aarch64 builds missing?, Ondrej Mosnacek
      - Re: kernel-secnext aarch64 builds missing?, Paul Moore
        
        Re: kernel-secnext aarch64 builds missing?, Ondrej Mosnacek
        
        Re: kernel-secnext aarch64 builds missing?, Paul Moore
[RFC PATCH 2/3] checkpolicy: add support for wildcard netifcon names, Christian Göttsche
- [RFC PATCH 3/3] secilc/test: add test for wildcard netifcon statement, Christian Göttsche
- [RFC PATCH 1/3] libsepol: update sort order for netifcon definitions, Christian Göttsche
[RFC PATCH] selinux: support wildcard network interface names, Christian Göttsche
[syzbot] [selinux?] [mm?] [overlayfs?] INFO: rcu detected stall in sys_mkdirat (2), syzbot
[RFC PATCH v2 01/22] selinux: supply missing field initializers, Christian Göttsche
- [RFC PATCH v2 04/22] selinux: rework match_ipv6_addrmask(), Christian Göttsche
- [RFC PATCH v2 02/22] selinux: avoid using types indicating user space interaction, Christian Göttsche
- [RFC PATCH v2 05/22] selinux: avoid nontransitive comparison, Christian Göttsche
- [RFC PATCH v2 03/22] selinux: align and constify functions, Christian Göttsche
- [RFC PATCH v2 06/22] selinux: rename comparison functions for clarity, Christian Göttsche
- [RFC PATCH v2 07/22] selinux: use known type instead of void pointer, Christian Göttsche
- [RFC PATCH v2 08/22] selinux: avoid unnecessary indirection in struct level_datum, Christian Göttsche
- [RFC PATCH v2 10/22] selinux: use u16 for security classes, Christian Göttsche
- [RFC PATCH v2 09/22] selinux: make use of str_read(), Christian Göttsche
- [RFC PATCH v2 12/22] selinux: check length fields in policies, Christian Göttsche
- [RFC PATCH v2 13/22] selinux: validate constraints, Christian Göttsche
- [RFC PATCH v2 11/22] selinux: more strict policy parsing, Christian Göttsche
- [RFC PATCH v2 14/22] selinux: pre-validate conditional expressions, Christian Göttsche
- [RFC PATCH v2 16/22] selinux: check type attr map overflows, Christian Göttsche
- [RFC PATCH v2 15/22] selinux: introduce ebitmap_highest_set_bit(), Christian Göttsche
- [RFC PATCH v2 17/22] selinux: reorder policydb_index(), Christian Göttsche
- [RFC PATCH v2 19/22] selinux: validate symbols, Christian Göttsche
- [RFC PATCH v2 18/22] selinux: beef up isvalid checks, Christian Göttsche
- [RFC PATCH v2 21/22] selinux: check for simple types, Christian Göttsche
- [RFC PATCH v2 20/22] selinux: more strict bounds check, Christian Göttsche
- [RFC PATCH v2 00/22] selinux: harden against malformed policies, Christian Göttsche
- [RFC PATCH v2 22/22] selinux: restrict policy strings, Christian Göttsche
  - Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Stephen Smalley
    - Re: [RFC PATCH v2 22/22] selinux: restrict policy strings, Joe Nall
[RFC PATCH v2] libselinux: restore previous regex spec ordering, Christian Göttsche
- Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, Takaya Saeki
- Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, James Carter
  - Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering, James Carter
[PATCH] libsemanage: Mute error messages from selinux_restorecon, Vit Mojzis
- Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon, James Carter
  - Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon, James Carter
[PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
- Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mickaël Salaün
  - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
    - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
      - Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Mikhail Ivanov
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Stephen Smalley
        
        Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind(), Paul Moore
3.8-rc2 will become rc3, Petr Lautrbach
The curious case of pidfs and pidfds, Paul Moore
- Re: The curious case of pidfs and pidfds, Stephen Smalley
  - Re: The curious case of pidfs and pidfds, Stephen Smalley
    - Re: The curious case of pidfs and pidfds, Paul Moore
      - Re: The curious case of pidfs and pidfds, Stephen Smalley
[RFC PATCH] libselinux: restore previous regex spec ordering, Christian Göttsche
- Re: [RFC PATCH] libselinux: restore previous regex spec ordering, Petr Lautrbach
  - Re: [RFC PATCH] libselinux: restore previous regex spec ordering, Takaya Saeki
[PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile", James Carter
- [PATCH 3/9] Revert "libselinux: simplify string formatting", James Carter
- [PATCH 2/9] Revert "libselinux/utils: use correct error handling", James Carter
- [PATCH 4/9] Revert "libselinux: use vector instead of linked list for substitutions", James Carter
- [PATCH 5/9] Revert "libselinux: avoid memory allocation in common file label lookup", James Carter
- [PATCH 7/9] Revert "libselinux: support parallel selabel_lookup(3)", James Carter
- [PATCH 6/9] Revert "libselinux: move functions out of header file", James Carter
- [PATCH 8/9] Revert "libselinux: add selabel_file(5) fuzzer", James Carter
- [PATCH 9/9] Revert "libselinux: rework selabel_file(5) database", James Carter
- Re: [PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile", James Carter
[PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
- Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
  - Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
    - Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
      - Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Takaya Saeki
        
        Re: [PATCH] selinux: support wildcard match in genfscon, Paul Moore
      - Re: [PATCH] selinux: support wildcard match in genfscon, Stephen Smalley
Incompatible file_contexts precedence in 3.8-rc1, Takaya Saeki
- Re: Incompatible file_contexts precedence in 3.8-rc1, Christian Göttsche
  - Re: Incompatible file_contexts precedence in 3.8-rc1, Takaya Saeki
    - Re: Incompatible file_contexts precedence in 3.8-rc1, James Carter
[PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup, Joey Jiao
- Re: [PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup, Paul Moore
[PATCH] libselinux/fuzz: update for lookup_all() change, Christian Göttsche
- Re: [PATCH] libselinux/fuzz: update for lookup_all() change, James Carter
  - Re: [PATCH] libselinux/fuzz: update for lookup_all() change, James Carter
[RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
- Re: [RFC] genfscon wildcard support for faster sysfs labeling, Christian Göttsche
  - Re: [RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
    - Re: [RFC] genfscon wildcard support for faster sysfs labeling, Takaya Saeki
[PATCH] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
- Re: [PATCH] selinux: match extended permissions to their base permissions, Paul Moore
  - Re: [PATCH] selinux: match extended permissions to their base permissions, Thiébaud Weksteen
[PATCH v2] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
- Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Paul Moore
  - Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
    - Re: [PATCH v2] selinux: add netlink nlmsg_type audit message, Paul Moore
[PATCH v2] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Message not available
  - Re: [PATCH v2] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Re: [PATCH v2] selinux: ignore unknown extended permissions, Paul Moore
[PATCH] libsepol: add missing word separators in error message, Christian Göttsche
- Re: [PATCH] libsepol: add missing word separators in error message, James Carter
  - Re: [PATCH] libsepol: add missing word separators in error message, James Carter
[PATCH] selinux: ignore unknown extended permissions, Thiébaud Weksteen
- Re: [PATCH] selinux: ignore unknown extended permissions, Paul Moore
Systemd socket labeling issue, Daniel Burgener
- Re: Systemd socket labeling issue, Daniel Burgener
[PATCH] libselinux/utils: drop reachable assert in sefcontext_compile, Christian Göttsche
[PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, Christian Göttsche
- Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, Petr Lautrbach
  - Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, James Carter
    - Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile, James Carter
Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database"), Petr Lautrbach
- Re: Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database"), Petr Lautrbach
[RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Christian Göttsche
- Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Stephen Smalley
  - Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX, Christian Göttsche
[PATCH] checkpolicy: drop host bits in IPv6 CIDR address, Christian Göttsche
- Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address, James Carter
  - Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address, James Carter
[PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, Christian Göttsche
- Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, James Carter
  - Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab, James Carter
[PATCH] libselinux/utils: use correct error handling, Christian Göttsche
- Re: [PATCH] libselinux/utils: use correct error handling, James Carter
  - Re: [PATCH] libselinux/utils: use correct error handling, James Carter
[RFC PATCH] ioctl: add test for conditional xperms, Christian Göttsche
- Re: [RFC PATCH] ioctl: add test for conditional xperms, Stephen Smalley
ANN: SELinux userspace 3.8-rc1 release, Petr Lautrbach
[PATCH v2] selinux: add generated av_permissions.h to targets, Thomas Weißschuh
- Re: [PATCH v2] selinux: add generated av_permissions.h to targets, Masahiro Yamada
- Re: [PATCH v2] selinux: add generated av_permissions.h to targets, Paul Moore
[PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Eric Dumazet
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Kuniyuki Iwashima
- Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), patchwork-bot+netdevbpf
  - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
    - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Jakub Kicinski
      - Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output(), Paul Moore
[syzbot] [selinux?] KASAN: slab-out-of-bounds Read in selinux_ip_output, syzbot
[PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH v3 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
- [PATCH v3 3/3] libselinux: simplify string formatting, Christian Göttsche
- Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, James Carter
  - Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup, James Carter
[PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs, Thomas Weißschuh
- Re: [PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs, patchwork-bot+netdevbpf
[PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors, Christian Göttsche
- [PATCH v2 2/9] libsemanage: handle cil_set_handle_unknown() failure, Christian Göttsche
- [PATCH v2 5/9] libsemanage: check closing written files, Christian Göttsche
- [PATCH v2 3/9] libsemanage: handle shell allocation failure, Christian Göttsche
- [PATCH v2 4/9] libsemanage: drop duplicate newlines and error descriptions in error messages, Christian Göttsche
- [PATCH v2 6/9] libsemanage: simplify file deletion, Christian Göttsche
- [PATCH v2 7/9] libsemanage: optimize policy by default, Christian Göttsche
- [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, Christian Göttsche
  - Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, James Carter
    - Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix, Petr Lautrbach
- [PATCH v2 8/9] libsemanage/man: add documentation for command overrides, Christian Göttsche
[PATCH v2 1/3] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
  - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, James Carter
    - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, Christian Göttsche
      - Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions, James Carter
- [PATCH v2 3/3] libselinux: simplify string formatting, Christian Göttsche
[PATCH] selinux: use native iterator types, Christian Göttsche
- Re: [PATCH] selinux: use native iterator types, Paul Moore
  - RE: [PATCH] selinux: use native iterator types, David Laight
    - Re: [PATCH] selinux: use native iterator types, Linus Torvalds
      - Re: [PATCH] selinux: use native iterator types, Paul Moore
        
        Re: [PATCH] selinux: use native iterator types, Christian Göttsche
[PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Thomas Weißschuh
- Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Jiri Olsa
- Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Alexei Starovoitov
  - Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Thomas Weißschuh
    - Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs, Matt Bobrowski
[PATCH 1/2] libselinux: avoid memory allocation in common file label lookup, Christian Göttsche
- [PATCH 2/2] selinux: use vector instead of linked list for substitutions, Christian Göttsche
Re: [PATCH] mm/kmemleak: Fix sleeping function called from invalid context in kmemleak_seq_show, Alessandro Carminati
[PATCH 1/2] libsepol: harden availability check against user CFLAGS, Christian Göttsche
- [PATCH 2/2] libselinux: harden availability check against user CFLAGS, Christian Göttsche
- Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS, James Carter
  - Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS, James Carter
[PATCH v3 2/3] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
[PATCH v2 1/3] libselinux: make use of calloc(3), Christian Göttsche
- [PATCH v2 2/3] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
- [PATCH v2 3/3] libselinux: move functions out of header file, Christian Göttsche
- Re: [PATCH v2 1/3] libselinux: make use of calloc(3), James Carter
  - Re: [PATCH v2 1/3] libselinux: make use of calloc(3), James Carter
[PATCH] selinux: explicitly clean generated av_permissions.h, Thomas Weißschuh
- Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Masahiro Yamada
  - Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Thomas Weißschuh
  - Re: [PATCH] selinux: explicitly clean generated av_permissions.h, Paul Moore
[PATCH 00/17] testsuite: misc fixes and virtme-ng support, Christian Göttsche
- [PATCH 03/17] tools: quote command to prevent word splitting, Christian Göttsche
- [PATCH 04/17] tests: port scripts to sh and please shellcheck, Christian Göttsche
- [PATCH 02/17] Makefile: use $(MAKE) to pass options, Christian Göttsche
- [PATCH 06/17] Makefile: add PHONY targets, Christian Göttsche
- [PATCH 08/17] tests/notify: work with CONFIG_FANOTIFY disabled, Christian Göttsche
- [PATCH 12/17] tests/filesystem: improve fsnotify check and preload loop module, Christian Göttsche
- [PATCH 07/17] test: overlayfs related tweaks, Christian Göttsche
- [PATCH 13/17] defconfig: enable CONFIG_XFRM_USER, Christian Göttsche
- [PATCH 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG, Christian Göttsche
- [PATCH 15/17] tests: test code tweaks, Christian Göttsche
- [PATCH 16/17] tests: fail on compiler warnings and enable Wextra, Christian Göttsche
- [PATCH 10/17] tests/tun_tap: skip if not supported, Christian Göttsche
- [PATCH 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled, Christian Göttsche
- [PATCH 11/17] tests/inet_socket: skip mptcp if not supported, Christian Göttsche
- [PATCH 01/17] Fix typos, Christian Göttsche
- [PATCH 17/17] tests: drop headers from Makefile dependencies, Christian Göttsche
- [PATCH 05/17] tests: enable strictness for perl scripts, Christian Göttsche
[RFC PATCH 01/22] selinux: supply missing field initializers, Christian Göttsche
- [RFC PATCH 05/22] selinux: avoid nontransitive comparison, Christian Göttsche
- [RFC PATCH 02/22] selinux: avoid using types indicating user space interaction, Christian Göttsche
- [RFC PATCH 03/22] selinux: align and constify functions, Christian Göttsche
- [RFC PATCH 04/22] selinux: rework match_ipv6_addrmask(), Christian Göttsche
- [RFC PATCH 06/22] selinux: rename comparison functions for clarity, Christian Göttsche
  - Re: [RFC PATCH 06/22] selinux: rename comparison functions for clarity, Daniel Burgener
- [RFC PATCH 07/22] selinux: use known type instead of void pointer, Christian Göttsche
  - Re: [RFC PATCH 07/22] selinux: use known type instead of void pointer, Daniel Burgener
- [RFC PATCH 08/22] selinux: avoid unnecessary indirection in struct level_datum, Christian Göttsche
- [RFC PATCH 09/22] selinux: make use of str_read(), Christian Göttsche
- [RFC PATCH 10/22] selinux: use u16 for security classes, Christian Göttsche
- [RFC PATCH 11/22] selinux: more strict policy parsing, Christian Göttsche
  - Re: [RFC PATCH 11/22] selinux: more strict policy parsing, Thiébaud Weksteen
- [RFC PATCH 12/22] selinux: check length fields in policies, Christian Göttsche
- [RFC PATCH 13/22] selinux: validate constraints, Christian Göttsche
- [RFC PATCH 14/22] selinux: pre-validate conditional expressions, Christian Göttsche
- [RFC PATCH 15/22] selinux: introduce ebitmap_highest_set_bit(), Christian Göttsche
- [RFC PATCH 16/22] selinux: check type attr map overflows, Christian Göttsche
- [RFC PATCH 17/22] selinux: reorder policydb_index(), Christian Göttsche
- [RFC PATCH 18/22] selinux: beef up isvalid checks, Christian Göttsche
- [RFC PATCH 19/22] selinux: validate symbols, Christian Göttsche
- [RFC PATCH 20/22] selinux: more strict bounds check, Christian Göttsche
- [RFC PATCH 21/22] selinux: check for simple types, Christian Göttsche
- [RFC PATCH 00/22] selinux: harden against malformed policies, Christian Göttsche
  - Re: [RFC PATCH 00/22] selinux: harden against malformed policies, Daniel Burgener
    - Re: [RFC PATCH 00/22] selinux: harden against malformed policies, Christian Göttsche
- [RFC PATCH 22/22] selinux: restrict policy strings, Christian Göttsche
  - Re: [RFC PATCH 22/22] selinux: restrict policy strings, Daniel Burgener
    - Re: [RFC PATCH 22/22] selinux: restrict policy strings, Christian Göttsche
[PATCH] fixfiles: use `grep -F` when search in mounts, Petr Lautrbach
- Re: [PATCH] fixfiles: use `grep -F` when search in mounts, James Carter
  - Re: [PATCH] fixfiles: use `grep -F` when search in mounts, James Carter
[PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building, dmitry . sharshakov
- [PATCH v1 2/2] libsemanage: allow specifying SUBDIRS when building, dmitry . sharshakov
- Re: [PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building, James Carter
[GIT PULL] selinux/selinux-pr-20241112, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20241112, pr-tracker-bot
[RFC PATCH] selinux: Fix SCTP error inconsistency in selinux_socket_bind(), Mikhail Ivanov
- Re: [PATCH RFC] selinux: Fix SCTP error inconsistency in selinux_socket_bind(), Paul Moore
Allow rule not having any effect?!, Ian Pilcher
- SOLVED: Allow rule not having any effect?!, Ian Pilcher
- Re: Allow rule not having any effect?!, Dominick Grift
How to write a policy for a "service wrapper"?, Ian Pilcher
- Re: How to write a policy for a "service wrapper"?, Dominick Grift
  - Re: How to write a policy for a "service wrapper"?, Ian Pilcher
[PATCH 01/47] libsemanage: white space cleanup, Christian Göttsche
- [PATCH 02/47] libsemanage: fix typo, Christian Göttsche
- [PATCH 05/47] libsemanage: drop dead variable, Christian Göttsche
- [PATCH 04/47] libsemanage: drop dead assignments, Christian Göttsche
- [PATCH 03/47] libsemanage: drop unused macro, Christian Göttsche
- [PATCH 06/47] libsemanage: drop unnecessary declarations, Christian Göttsche
- [PATCH 09/47] libsemanage: drop const from function declaration, Christian Göttsche
- [PATCH 08/47] libsemanage: drop duplicate include, Christian Göttsche
- [PATCH 07/47] libsemanage: drop unnecessary return statements, Christian Göttsche
- [PATCH 10/47] libsemanage: set O_CLOEXEC flag for file descriptors, Christian Göttsche
- [PATCH 11/47] libsemanage: check memory allocations, Christian Göttsche
- [PATCH 13/47] libsemanage: free resources on failed connect attempt, Christian Göttsche
- [PATCH 12/47] libsemanage: use unlink on non directory, Christian Göttsche
- [PATCH 15/47] libsemanage: avoid const dropping casts, Christian Göttsche
- [PATCH 19/47] libsemanage: avoid leak on realloc failure, Christian Göttsche
- [PATCH 17/47] libsemanage: drop casts to same type, Christian Göttsche
- [PATCH 20/47] libsemanage: use strtok_r for thread safety, Christian Göttsche
- [PATCH 14/47] libsemanage: declare file local function tables static, Christian Göttsche
- [PATCH 16/47] libsemanage: cast to unsigned char for character checking functions, Christian Göttsche
- [PATCH 18/47] libsemanage: fix asprintf error branch, Christian Göttsche
- [PATCH 21/47] libsemanage: handle cil_set_handle_unknown() failure, Christian Göttsche
- [PATCH 24/47] libsemanage: check for path formatting failures, Christian Göttsche
- [PATCH 25/47] libsemanage: introduce write_full wrapper, Christian Göttsche
- [PATCH 22/47] libsemanage: free ibdev names in semanage_ibendport_validate_local(), Christian Göttsche
- [PATCH 23/47] libsemanage: simplify malloc plus strcpy via strndup, Christian Göttsche
- [PATCH 31/47] libsemanage: adjust sizes to avoid implicit truncations, Christian Göttsche
- [PATCH 26/47] libsemanage: more strict value parsing, Christian Göttsche
- [PATCH 30/47] libsemanage: avoid misc function pointer casts, Christian Göttsche
- [PATCH 29/47] libsemanage: constify read only parameters and variables, Christian Göttsche
- [PATCH 37/47] libsemanage: preserve errno during internal logging, Christian Göttsche
- [PATCH 33/47] libsemanage: use size_t for hash input sizes, Christian Göttsche
- [PATCH 28/47] libsemanage: simplify loop exit, Christian Göttsche
- [PATCH 36/47] libsemanage: drop dead code, Christian Göttsche
- [PATCH 27/47] libsemanage: constify function pointer structures, Christian Göttsche
- [PATCH 38/47] libsemanage: avoid strerror(3), Christian Göttsche
- [PATCH 32/47] libsemanage: use asprintf(3) to simplify code, Christian Göttsche
- [PATCH 35/47] libsemanage: handle shell allocation failure, Christian Göttsche
- [PATCH 34/47] libsemanage: drop macros used once, Christian Göttsche
- [PATCH 41/47] libsemanage: check closing written files, Christian Göttsche
- [PATCH 42/47] libsemanage: simplify file deletion, Christian Göttsche
- [PATCH 44/47] libsemanage/man: add documentation for command overrides, Christian Göttsche
- [PATCH 45/47] libsemanage: skip sort of empty arrays, Christian Göttsche
- [PATCH 46/47] libsemanage: respect shell paths with /usr prefix, Christian Göttsche
- [PATCH 43/47] libsemanage: optimize policy by default, Christian Göttsche
- [PATCH 40/47] libsemanage: drop duplicate newlines and error descriptions in error messages, Christian Göttsche
- [PATCH 47/47] libsemanage/tests: misc cleanup, Christian Göttsche
- [PATCH 39/47] libsemanage: avoid writing directly to stderr, Christian Göttsche
- Re: [PATCH 01/47] libsemanage: white space cleanup, James Carter
  - Re: [PATCH 01/47] libsemanage: white space cleanup, James Carter
[PATCH v5 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v5 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
- [PATCH v5 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v5 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- Re: [PATCH v5 1/6] libsepol: misc assertion cleanup, James Carter
  - Re: [PATCH v5 1/6] libsepol: misc assertion cleanup, James Carter
[PATCH] libsemanage: open lock_file with O_RDWR, Petr Lautrbach
- Re: [PATCH] libsemanage: open lock_file with O_RDWR, James Carter
  - Re: [PATCH] libsemanage: open lock_file with O_RDWR, James Carter
[PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Ondrej Mosnacek
- Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Eric Dumazet
  - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Ondrej Mosnacek
    - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Eric Dumazet
      - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
    - Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
- Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free, Paul Moore
[PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls, Ondrej Mosnacek
- Re: [PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls, Ondrej Mosnacek
RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
- Re: RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
  - Re: RFC: Adding a dyntrans in systemd pid1's forking, Kenton Groombridge
    - Re: RFC: Adding a dyntrans in systemd pid1's forking, Chris PeBenito
[PATCH] checkpolicy: avoid leak of identifier on required attribute, Christian Göttsche
- Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute, James Carter
  - Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute, James Carter
[PATCH] checkpolicy: avoid memory leaks on redeclarations, Christian Göttsche
- Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations, James Carter
  - Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations, James Carter
[PATCH 1/2] libselinux: make use of calloc(3), Christian Göttsche
- [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
  - Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), James Carter
    - Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr(), Christian Göttsche
[PATCH v3 0/9] libselinux: rework selabel_file(5) database, Christian Göttsche
- [PATCH v3 3/9] libselinux: use more appropriate types in sidtab, Christian Göttsche
- [PATCH v3 2/9] libselinux/utils: introduce selabel_compare, Christian Göttsche
- [PATCH v3 4/9] libselinux: add unique id to sidtab entries, Christian Göttsche
- [PATCH v3 5/9] libselinux: sidtab updates, Christian Göttsche
- [PATCH v3 7/9] libselinux: remove unused hashtab code, Christian Göttsche
- [PATCH v3 9/9] libselinux: support parallel selabel_lookup(3), Christian Göttsche
- [PATCH v3 1/9] policycoreutils: introduce unsetfiles, Christian Göttsche
  - Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles, James Carter
    - Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles, James Carter
- [PATCH v3 8/9] libselinux: add selabel_file(5) fuzzer, Christian Göttsche
- [PATCH v3 6/9] libselinux: rework selabel_file(5) database, Christian Göttsche
[PATCH v4 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v4 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- [PATCH v4 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v4 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v4 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v4 2/6] libsepol: add support for xperms in conditional policies, James Carter
- [PATCH v4 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
[PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
- [PATCH 3/3] libsepol: Remove special handling of roles in module_to_cil.c, James Carter
- [PATCH 2/3] libsemanage: Optionally allow duplicate declarations, James Carter
- Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
  - Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations, James Carter
[syzbot] [selinux?] INFO: rcu detected stall in rw_verify_area (3), syzbot
[PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Dan Carpenter
- Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Casey Schaufler
- Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx(), Paul Moore
Setrans ambiguous translations, Sloane, Brandon
[PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), Vit Mojzis
- Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), James Carter
  - Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read(), James Carter
[PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, Vit Mojzis
- [PATCH 2/2] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con", Vit Mojzis
- Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, James Carter
  - Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check, James Carter
[PATCH v3 1/6] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v3 2/6] libsepol: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v3 5/6] libsepol: indent printed allow rule on assertion failure, Christian Göttsche
- [PATCH v3 6/6] libsepol/tests: add cond xperm neverallow tests, Christian Göttsche
- [PATCH v3 3/6] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, James Carter
    - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
      - Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies, James Carter
[PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier), Paul Moore
- [PATCH 2/3] check-syntax: ignore "bad" astyle versions, Paul Moore
- [PATCH 3/3] all: coding style fixes, Paul Moore
- Re: [PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier), Ondrej Mosnacek
[PATCH v2 1/4] libsepol: misc assertion cleanup, Christian Göttsche
- [PATCH v2 4/4] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v2 3/4] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH v2 2/4] libsepol: add support for xperms in conditional policies, Christian Göttsche
  - Re: [PATCH v2 2/4] libsepol: add support for xperms in conditional policies, Christian Göttsche
[PATCH 0/2] restorecond: GLib IO channel fixes, Fabian Vogt
- [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, Fabian Vogt
  - Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, James Carter
    - Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode, James Carter
- [PATCH 2/2] restorecond: Set GLib IO channels to nonblocking, Fabian Vogt
[PATCH v3 0/5] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler
- [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser, Casey Schaufler
  - Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser, Paul Moore
  - Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser, Kees Bakker
    - Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Casey Schaufler
  - Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Pablo Neira Ayuso
    - Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Casey Schaufler
  - Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Paul Moore
    - Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Pablo Neira Ayuso
      - Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Pablo Neira Ayuso
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Casey Schaufler
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Pablo Neira Ayuso
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Casey Schaufler
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Paul Moore
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Paul Moore
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Casey Schaufler
        
        Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context, Paul Moore
- [PATCH v3 3/5] LSM: Use lsm_context in security_inode_getsecctx, Casey Schaufler
  - Re: [PATCH v3 3/5] LSM: Use lsm_context in security_inode_getsecctx, Paul Moore
- [PATCH v3 4/5] LSM: lsm_context in security_dentry_init_security, Casey Schaufler
  - Re: [PATCH v3 4/5] LSM: lsm_context in security_dentry_init_security, Paul Moore
- [PATCH v3 5/5] LSM: secctx provider check on release, Casey Schaufler
  - Re: [PATCH v3 5/5] LSM: secctx provider check on release, Paul Moore
[PATCH 1/3] libsepol: add support for xperms in conditional policies, Christian Göttsche
- [PATCH 2/3] checkpolicy: add support for xperms in conditional policies, Christian Göttsche
- [PATCH 3/3] libsepol/cil: add support for xperms in conditional policies, Christian Göttsche
- Re: [PATCH 1/3] libsepol: add support for xperms in conditional policies, James Carter
[PATCH] selinux: add support for xperms in conditional policies, Christian Göttsche
[PATCH] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
- Re: [PATCH] selinux: add netlink nlmsg_type audit message, Paul Moore
  - Re: [PATCH] selinux: add netlink nlmsg_type audit message, Thiébaud Weksteen
    - Re: [PATCH] selinux: add netlink nlmsg_type audit message, Paul Moore
testsuite astyle options no longer supported, Stephen Smalley
- Re: testsuite astyle options no longer supported, Paul Moore
  - Re: testsuite astyle options no longer supported, Ondrej Mosnacek
[PATCH 1/4] libsepol/cil: Initialize avtab_datum on declaration, Vit Mojzis
- [PATCH 2/4] libsepol/mls: Do not destroy context on memory error, Vit Mojzis
  - Re: [PATCH 2/4] libsepol/mls: Do not destroy context on memory error, James Carter
- [PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration, Vit Mojzis
  - Re: [PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration, James Carter
- [PATCH 4/4] libsepol: Initialize "strs" on declaration, Vit Mojzis
  - Re: [PATCH 4/4] libsepol: Initialize "strs" on declaration, James Carter
- Re: [PATCH 1/4] libsepol/cil: Initialize avtab_datum on declaration, James Carter
  - [PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration, Vit Mojzis
    - [PATCH v2 2/4] libsepol/mls: Do not destroy context on memory error, Vit Mojzis
    - [PATCH v2 4/4] libsepol: Initialize "strs" on declaration, Vit Mojzis
    - [PATCH v2 3/4] libsepol/cil/cil_post: Initialize tmp on declaration, Vit Mojzis
    - Re: [PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration, James Carter
      - Re: [PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration, James Carter
[PATCH] libsepol: Support nlmsg xperms in assertions, Thiébaud Weksteen
- Re: [PATCH] libsepol: Support nlmsg xperms in assertions, James Carter
  - Re: [PATCH] libsepol: Support nlmsg xperms in assertions, James Carter
[PATCH] checkpolicy/fuzz: fix setjmp condition, Christian Göttsche
- Re: [PATCH] checkpolicy/fuzz: fix setjmp condition, James Carter
  - Re: [PATCH] checkpolicy/fuzz: fix setjmp condition, James Carter
[PATCH 1/4] libselinux: avoid errno modification by fclose(3), Christian Göttsche
- [PATCH 2/4] selinux: free memory in error branch, Christian Göttsche
- [PATCH 3/4] libsemanage: check for rewind(3) failure, Christian Göttsche
- [PATCH 4/4] selinux: set missing errno in failure branch, Christian Göttsche
- Re: [PATCH 1/4] libselinux: avoid errno modification by fclose(3), James Carter
  - Re: [PATCH 1/4] libselinux: avoid errno modification by fclose(3), James Carter
selinux_set_callback for policy load not triggering, Matthew Sheets
- Re: selinux_set_callback for policy load not triggering, Stephen Smalley
  - Re: selinux_set_callback for policy load not triggering, Stephen Smalley
    - Re: selinux_set_callback for policy load not triggering, Matthew Sheets
[PATCH 1/2] libselinux: fix swig bindings for 4.3.0, Petr Lautrbach
- [PATCH 2/2] libsemanage: fix swig bindings for 4.3.0, Petr Lautrbach
- Re: [PATCH 1/2] libselinux: fix swig bindings for 4.3.0, James Carter
  - Re: [PATCH 1/2] libselinux: fix swig bindings for 4.3.0, James Carter
[PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler
- [PATCH v2 3/6] LSM: Use lsm_context in security_inode_getsecctx, Casey Schaufler
- [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser, Casey Schaufler
  - Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser, sergeh
  - Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser, Paul Moore
    - Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser, Casey Schaufler
      - Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser, Paul Moore
- [PATCH v2 2/6] LSM: Replace context+len with lsm_context, Casey Schaufler
- [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security, Casey Schaufler
  - Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security, Paul Moore
    - Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security, Casey Schaufler
      - Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security, Paul Moore
        
        Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security, Casey Schaufler
- [PATCH v2 5/6] LSM: secctx provider check on release, Casey Schaufler
  - Re: [PATCH v2 5/6] LSM: secctx provider check on release, Paul Moore
    - Re: [PATCH v2 5/6] LSM: secctx provider check on release, Casey Schaufler
      - Re: [PATCH v2 5/6] LSM: secctx provider check on release, Paul Moore
- [PATCH v2 6/6] LSM: Use lsm_context in security_inode_notifysecctx, Casey Schaufler
- Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context, Serge E. Hallyn
  - Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context, Serge E. Hallyn
    - Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler
  - Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler
[PATCH v4 00/13] LSM: Move away from secids, Casey Schaufler
- [PATCH v4 04/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
  - Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context, Paul Moore
    - Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
      - Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context, Paul Moore
        
        Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
        
        Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context, Paul Moore
- [PATCH v4 06/13] Audit: Update shutdown LSM data, Casey Schaufler
- [PATCH v4 07/13] LSM: Use lsm_prop in security_current_getsecid, Casey Schaufler
- [PATCH v4 08/13] LSM: Use lsm_prop in security_inode_getsecid, Casey Schaufler
- [PATCH v4 09/13] Audit: use an lsm_prop in audit_names, Casey Schaufler
- [PATCH v4 11/13] Audit: Change context data from secid to lsm_prop, Casey Schaufler
- [PATCH v4 10/13] LSM: Create new security_cred_getlsmprop LSM hook, Casey Schaufler
- [PATCH v4 12/13] Use lsm_prop for audit data, Casey Schaufler
- [PATCH v4 13/13] LSM: Remove lsm_prop scaffolding, Casey Schaufler
- [PATCH v4 03/13] LSM: Add lsmprop_to_secctx hook, Casey Schaufler
- [PATCH v4 01/13] LSM: Add the lsm_prop data structure., Casey Schaufler
  - Re: [PATCH v4 1/13] LSM: Add the lsm_prop data structure., Paul Moore
    - Re: [PATCH v4 1/13] LSM: Add the lsm_prop data structure., Casey Schaufler
  - Re: [PATCH v4 01/13] LSM: Add the lsm_prop data structure., John Johansen
- [PATCH v4 02/13] LSM: Use lsm_prop in security_audit_rule_match, Casey Schaufler
- [PATCH v4 05/13] LSM: Use lsm_prop in security_ipc_getsecid, Casey Schaufler
  - Re: [PATCH v4 5/13] LSM: Use lsm_prop in security_ipc_getsecid, Paul Moore
[PATCH v9 0/7] Improve the copy of task comm, Yafang Shao
- [PATCH v9 1/7] Get rid of __get_task_comm(), Yafang Shao
- [PATCH v9 2/7] auditsc: Replace memcpy() with strscpy(), Yafang Shao
- [PATCH v9 3/7] security: Replace memcpy() with get_task_comm(), Yafang Shao
- [PATCH v9 4/7] bpftool: Ensure task comm is always NUL-terminated, Yafang Shao
- [PATCH v9 5/7] mm/util: Fix possible race condition in kstrdup(), Yafang Shao
- [PATCH v9 6/7] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}, Yafang Shao
- [PATCH v9 7/7] drm: Replace strcpy() with strscpy(), Yafang Shao
[PATCH v2] selinux: Deprecate /sys/fs/selinux/user, Stephen Smalley
- Re: [PATCH v2] selinux: Deprecate /sys/fs/selinux/user, Paul Moore
  - Re: [PATCH v2] selinux: Deprecate /sys/fs/selinux/user, Paul Moore
[PATCH] libselinux: formally deprecate security_compute_user(), Stephen Smalley
- Re: [PATCH] libselinux: formally deprecate security_compute_user(), Petr Lautrbach
  - Re: [PATCH] libselinux: formally deprecate security_compute_user(), James Carter
[PATCH] selinux: Deprecate /sys/fs/selinux/user, Stephen Smalley
- Re: [PATCH] selinux: Deprecate /sys/fs/selinux/user, Paul Moore
  - Re: [PATCH] selinux: Deprecate /sys/fs/selinux/user, Stephen Smalley
[PATCH v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook, Shivani Agarwal
[PATCH v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook, Shivani Agarwal
[PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(), Paul Moore
- [PATCH 2/2] selinux: apply clang format to security/selinux/nlmsgtab.c, Paul Moore
  - Re: [PATCH 2/2] selinux: apply clang format to security/selinux/nlmsgtab.c, Paul Moore
- Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(), Thiébaud Weksteen
  - Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(), Paul Moore
    - Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(), Thiébaud Weksteen
- Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup(), Paul Moore
[PATCH] selinux,smack: properly reference the LSM blob in security_watch_key(), Paul Moore
- Re: [PATCH] selinux,smack: properly reference the LSM blob in security_watch_key(), Casey Schaufler
  - Re: [PATCH] selinux,smack: properly reference the LSM blob in security_watch_key(), Paul Moore
[PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages(), Paul Moore
- Re: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages(), Paul Moore
[PATCH 0/5] LSM: Replace secctx/len pairs with lsm_context, Casey Schaufler
- [PATCH 1/5] LSM: Replace context+len with lsm_context, Casey Schaufler
  - Re: [PATCH 1/5] LSM: Replace context+len with lsm_context, Todd Kjos
- [PATCH 2/5] LSM: Use lsm_context in security_inode_getsecctx, Casey Schaufler
- [PATCH 3/5] LSM: lsm_context in security_dentry_init_security, Casey Schaufler
- [PATCH 4/5] LSM: secctx provider check on release, Casey Schaufler
- [PATCH 5/5] LSM: Use lsm_context in security_inode_notifysecctx, Casey Schaufler
ANN: Reference Policy 2.20240916, Chris PeBenito
[GIT PULL] selinux/selinux-pr-20240911, Paul Moore
- Re: [GIT PULL] selinux/selinux-pr-20240911, pr-tracker-bot
[PATCH v3] selinux: Add netlink xperm support, Thiébaud Weksteen
- Re: [PATCH v3] selinux: Add netlink xperm support, Paul Moore
  - Re: [PATCH v3] selinux: Add netlink xperm support, Thiébaud Weksteen
    - Re: [PATCH v3] selinux: Add netlink xperm support, Paul Moore
  - Re: [PATCH v3] selinux: Add netlink xperm support, Paul Moore
[PATCH v3 00/13] LSM: Move away from secids, Casey Schaufler
- [PATCH v3 04/13] Audit: maintain an lsm_prop in audit_context, Casey Schaufler
- [PATCH v3 08/13] LSM: Use lsm_prop in security_inode_getsecid, Casey Schaufler
- [PATCH v3 09/13] Audit: use an lsm_prop in audit_names, Casey Schaufler
- [PATCH v3 10/13] LSM: Create new security_cred_getlsmprop LSM hook, Casey Schaufler
- [PATCH v3 11/13] Audit: Change context data from secid to lsm_prop, Casey Schaufler
- [PATCH v3 12/13] Use lsm_prop for audit data, Casey Schaufler
- [PATCH v3 13/13] LSM: Remove lsm_prop scaffolding, Casey Schaufler
- [PATCH v3 01/13] LSM: Add the lsm_prop data structure., Casey Schaufler
- [PATCH v3 03/13] LSM: Add lsmprop_to_secctx hook, Casey Schaufler
- [PATCH v3 02/13] LSM: Use lsm_prop in security_audit_rule_match, Casey Schaufler
- [PATCH v3 06/13] Audit: Update shutdown LSM data, Casey Schaufler
- [PATCH v3 07/13] LSM: Use lsm_prop in security_current_getsecid, Casey Schaufler
- [PATCH v3 05/13] LSM: Use lsm_prop in security_ipc_getsecid, Casey Schaufler
[PATCH v2] selinux: Add netlink xperm support, Thiébaud Weksteen
- Re: [PATCH v2] selinux: Add netlink xperm support, Stephen Smalley
- Re: [PATCH v2] selinux: Add netlink xperm support, Paul Moore
  - Re: [PATCH v2] selinux: Add netlink xperm support, Thiébaud Weksteen
[PATCH testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory, Ondrej Mosnacek
- Re: [PATCH testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory, Stephen Smalley
  - Re: [PATCH testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory, Ondrej Mosnacek
[PATCH v2 1/2] selinux: do not include <linux/*.h> headers from host programs, Masahiro Yamada
- [PATCH v2 2/2] selinux: move genheaders to security/selinux/, Masahiro Yamada

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Fedora Desktop] [Kernel] [KDE Users] [Gnome Users]