SELinux - Date Index

Thread Index

[Prev Page][Next Page]

[PATCH v4 04/21] block_dev: Support checking inode permissions in lookup_bdev()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 08/21] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 16/21] fs: Allow superblock owner to access do_remount_sb()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 11/21] cred: Reject inodes with invalid ids in set_create_file_as()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: trying to understand a cronie issue anno 2008
- From: Dominick Grift <dac.override@xxxxxxxxx>
trying to understand a cronie issue anno 2008
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH v3 14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Re: [PATCH v3 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: Build policy on systems not supporting DCCP protocol
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
[PATCH] selinux: Build policy on systems not supporting DCCP protocol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[PATCH v2 2/8] genhomedircon: move fallback user to genhomedircon_user_entry_t
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 3/8] genhomedircon: rename FALLBACK #defines consistent with struct
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 1/8] genhomedircon: factor out common replacement code
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 7/8] genhomedircon: write contexts for username and userid
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 8/8] genhomedircon: fix FALLBACK_NAME regex
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 4/8] genhomedircon: make all write context funcs take user_entry struct
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 6/8] genhomedircon: make USERID, USERNAME context lists
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v2 5/8] genhomedircon: Add uid and gid to struct user_entry
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
genhomedircon USERID and USERNAME patches v2
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH v3 13/21] fs: Update posix_acl support to handle user namespace mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 06/21] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 08/21] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 00/21] Support fuse mounts in user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 11/21] cred: Reject inodes with invalid ids in set_create_file_as()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 12/21] fs: Refuse uid/gid changes which don't map into s_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 07/21] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 10/21] fs: Check for invalid i_uid in may_follow_link()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 21/21] fuse: Allow user namespace mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 09/21] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 18/21] fuse: Add support for pid namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 16/21] fs: Allow superblock owner to access do_remount_sb()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 04/21] block_dev: Support checking inode permissions in lookup_bdev()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 01/21] fs: fix a posible leak of allocated superblock
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH] Fix extended permissions neverallow checking
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: [PATCH] Fix extended permissions neverallow checking
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
[PATCH] Fix extended permissions neverallow checking
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH 5/6] libsepol/cil: Remove path field from cil_tree_node struct
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 3/6] libsepol/cil: Add cil_tree_log() and supporting functions
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 1/6] libsepol/cil: Add high-level language line marking support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 5/6] libsepol/cil: Remove path field from cil_tree_node struct
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH 3/6] libsepol/cil: Add cil_tree_log() and supporting functions
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH 1/6] libsepol/cil: Add high-level language line marking support
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
[PATCH] selinux: check ss_initialized before revalidating an inode label
- From: Paul Moore <pmoore@xxxxxxxxxx>
[PATCH] selinux: delay inode label lookup as long as possible
- From: Paul Moore <pmoore@xxxxxxxxxx>
[PATCH] selinux: don't revalidate an inode's label when explicitly setting it
- From: Paul Moore <pmoore@xxxxxxxxxx>
[PATCH 3/6] libsepol/cil: Add cil_tree_log() and supporting functions
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 2/6] libsepol/cil: Store CIL filename in parse tree and AST
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 1/6] libsepol/cil: Add high-level language line marking support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 5/6] libsepol/cil: Remove path field from cil_tree_node struct
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 6/6] libsepol: When generating CIL use HLL line mark for neverallows
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 4/6] libsepol/cil: Replace cil_log() calls with cil_tree_log()
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 0/6] ibsepol/cil: Add high-level language line marking support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 0/3] libsepol/cil: Fixes to neverallow and bounds checking
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Ira Weiny <ira.weiny@xxxxxxxxx>
Re: [RFC PATCH] selinux: always return a value from the netport/netnode/netif caches
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Ira Weiny <ira.weiny@xxxxxxxxx>
Re: [PATCH] security/selinux: Change bool variable name to index.
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] security/selinux: Change bool variable name to index.
- From: Prarit Bhargava <prarit@xxxxxxxxxx>
Re: [PATCH] security/selinux: Change bool variable name to index.
- From: David Howells <dhowells@xxxxxxxxxx>
Re: [RFC PATCH] selinux: always return a value from the netport/netnode/netif caches
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Ira Weiny <ira.weiny@xxxxxxxxx>
RE: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: "Hefty, Sean" <sean.hefty@xxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Ira Weiny <ira.weiny@xxxxxxxxx>
Re: Failure in sel_netport_sid_slow()
- From: Greg <gkubok@xxxxxxxxx>
Re: [RFC PATCH] selinux: always return a value from the netport/netnode/netif caches
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: Failure in sel_netport_sid_slow()
- From: Greg <gkubok@xxxxxxxxx>
Re: [RFC PATCH] selinux: always return a value from the netport/netnode/netif caches
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
[RFC PATCH] selinux: always return a value from the netport/netnode/netif caches
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: Failure in sel_netport_sid_slow()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Failure in sel_netport_sid_slow()
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH 3/3] libsepol/cil: Cleanup neverallow checking and fail if bounds checking fails
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 2/3] libsepol/cil: Improve type bounds check reporting
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 1/3] libsepol/cil: Fixed bug in cil_type_match_any()
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 0/3] libsepol/cil: Fixes to neverallow and bounds checking
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Failure in sel_netport_sid_slow()
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Failure in sel_netport_sid_slow()
- From: Greg <gkubok@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: "Hefty, Sean" <sean.hefty@xxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Hal Rosenstock <hal@xxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Hal Rosenstock <hal@xxxxxxxxxxxxxxxxxx>
[PATCH] fixfiles: make sure $LOGFILE starts with a slash
- From: Oskari Saarenmaa <os@xxxxxxxx>
[PATCH] selinux-testsuite: Update README
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
RE: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: "Hefty, Sean" <sean.hefty@xxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [PATCH] libselinux: Fix typo in sefcontext_compile.8
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 0/2 v3] Check if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
[PATCH] libselinux: Fix typo in sefcontext_compile.8
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Hal Rosenstock <hal@xxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Hal Rosenstock <hal@xxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: genhomedircon USERID and USERNAME patches
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA
- From: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
Re: [PATCH] Android.mk: Add -D_GNU_SOURCE to common_cflags
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 04/13] selinux: Allocate and free infiniband security hooks
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH net-next] security: drop the unused hook skb_owned_by
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH net-next] security: drop the unused hook skb_owned_by
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] selinux: apply execstack check on thread stacks
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] selinux: distinguish non-init user namespace capability checks
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH net-next] security: drop the unused hook skb_owned_by
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 4/7] genhomedircon: make all write context funcs take user_entry struct
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 7/7] genhomedircon: write contexts for username and userid
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 6/7] genhomedircon: make USERID, USERNAME context lists
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 1/7] genhomedircon: factor out common replacement code
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 5/7] genhomedircon: Add uid and gid to struct user_entry
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 3/7] genhomedircon: rename FALLBACK #defines consistent with struct
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 2/7] genhomedircon: move fallback user to genhomedircon_user_entry_t
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
genhomedircon USERID and USERNAME patches
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 0/2 v3] Check if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 2/2 v3] checkpolicy: Fail if module name different than output base filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 1/2 v3] policycoreutils/hll/pp: Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: "leon@xxxxxxx" <leon@xxxxxxx>
[PATCH net-next] security: drop the unused hook skb_owned_by
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [RFC PATCH v2 10/13] ib/core: Enforce PKey security on management datagrams
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: "leon@xxxxxxx" <leon@xxxxxxx>
Re: [RFC PATCH v2 12/13] ib/core: Track which QPs are using which port and PKey index
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [PATCH 0/2 v2] Warn if module name different than output filename
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: "leon@xxxxxxx" <leon@xxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
- From: Thomas Hurd <toml.hurd@xxxxxxxxx>
Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
[PATCH 2/2 v2] checkpolicy: Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 0/2 v2] Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 1/2 v2] policycoreutils/hll/pp: Warn if module name different than output filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security
- From: Leon Romanovsky <leon@xxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC][PATCH] selinux: apply execstack check on thread stacks
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[RFC][PATCH] selinux-testsuite: Add test for execstack on thread stack
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
[RFC][PATCH] selinux: apply execstack check on thread stacks
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
Re: [RFC][PATCH] selinux: distinguish non-init user namespace capability checks
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [RFC][PATCH] selinux-testsuite: Add tests for non-init userns capability checks
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
[RFC][PATCH] selinux-testsuite: Add tests for non-init userns capability checks
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
[RFC][PATCH] selinux: distinguish non-init user namespace capability checks
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
Re: [PATCH] selinux: Add support for portcon dccp protocol
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paolo Abeni <pabeni@xxxxxxxxxx>
Re: [PATCH v3] selinux: restrict kernel module loading
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH v3] selinux: restrict kernel module loading
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] selinux: Add support for portcon dccp protocol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH v3] selinux: restrict kernel module loading
- From: Dennis Sherrell <sherrellconsulting@xxxxxxxxx>
[PATCH] cil_mem.c: #define _GNU_SOURCE
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [PATCH] cil_mem.c: #define _GNU_SOURCE
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [PATCH v3] selinux: restrict kernel module loading
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v3] selinux: restrict kernel module loading
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Fwd: Kernel merge to v4.6-rc2
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH v3] selinux: restrict kernel module loading
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v2] selinux: restrict kernel module loading
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
- From: Or Gerlitz <gerlitz.or@xxxxxxxxx>
Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
- From: James Morris <jmorris@xxxxxxxxx>
Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
- From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
Re: [RFC PATCH 0/7] SELinux support for Infiniband RDMA
- From: James Morris <jmorris@xxxxxxxxx>
Re: [RFC PATCH 1/7] security: Add LSM hooks for Infiniband security
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH] selinux: restrict kernel module loading
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: restrict kernel module loading
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH] selinux: restrict kernel module loading
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Project Status?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Project Status?
- From: John Gomez <john.gomez@xxxxxxxxxx>
Project Status?
- From: John Gomez <john.gomez@xxxxxxxxxx>
[PATCH] selinux: restrict kernel module loading
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH] selinux: restrict kernel module loading
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH v2] selinux: restrict kernel module loading
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
[PATCH] selinux: consolidate the ptrace parent lookup code
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: On Fedora 24 I am seeing something strange with CIL
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Fedora 23 error when using policy generator
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
On Fedora 24 I am seeing something strange with CIL
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH] selinux: simply inode label states to INVALID and INITIALIZED
- From: Paul Moore <pmoore@xxxxxxxxxx>
[PATCH] selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng()
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: CIL: invalid protocol (dccp portcon)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: CIL: invalid protocol (dccp portcon)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: CIL: invalid protocol (dccp portcon)
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: CIL: invalid protocol (dccp portcon)
- From: Dominick Grift <dac.override@xxxxxxxxx>
CIL: invalid protocol (dccp portcon)
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: what is /sys/fs/selinux/policy_capabilities/redhat1
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Fedora 23 error when using policy generator
- From: Amir Eaman <amir.imen@xxxxxxxxx>
Fedora 23 error when using policy generator
- From: Amir Eaman <amir.imen@xxxxxxxxx>
Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH 3/3] checkpolicy: Warn if module name different than filenames
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH 3/3] checkpolicy: Warn if module name different than filenames
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Just sent a small patch to github to fix the selinuxfs man pages.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH 3/3] checkpolicy: Warn if module name different than filenames
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 1/3] libsepol: Add function to check if module name matches filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 2/3] policycoreutils/hll/pp: Warn if module name different from filenames
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH 0/3] Add warnings if module name different from filename
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Just sent a small patch to github to fix the selinuxfs man pages.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: what is /sys/fs/selinux/policy_capabilities/redhat1
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: what is /sys/fs/selinux/policy_capabilities/redhat1
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[ANNOUNCE] Linux Security Summit 2016 - CFP
- From: James Morris <jmorris@xxxxxxxxx>
what is /sys/fs/selinux/policy_capabilities/redhat1
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: selinux_set_callback() problem
- From: Russell Coker <russell@xxxxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: does it make sense that dac_override get's checked before dac_read_search?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: strange pam_selinux behavior
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
strange pam_selinux behavior
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does it make sense that dac_override get's checked before dac_read_search?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does it make sense that dac_override get's checked before dac_read_search?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
does it make sense that dac_override get's checked before dac_read_search?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
- From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Re: [PATCH] fs: remove excess check for in_userns
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: selinux-query
- From: Dennis Sherrell <sherrellconsulting@xxxxxxxxx>
Re: selinux-query
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Re: selinux-query
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: selinux-query
- From: Naina Emmanuel <nemmanuel1992@xxxxxxxxx>
selinux-query
- From: Naina Emmanuel <nemmanuel1992@xxxxxxxxx>
[PATCH] selinux: fix memory leak on node_ptr on error return path
- From: Colin King <colin.king@xxxxxxxxxxxxx>
[PATCH] policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files.
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: fix bug when resetting class permission values
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH] libsepol/cil: fix bug when resetting class permission values
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: Problem building CIL module with new class
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: Problem building CIL module with new class
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Problem building CIL module with new class
- From: Dominick Grift <dac.override@xxxxxxxxx>
Problem building CIL module with new class
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH] fs: remove excess check for in_userns
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
Re: [PATCH] fs: remove excess check for in_userns
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
Re: [PATCH] fs: remove excess check for in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH] fs: fix a posible leak of allocated superblock
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH] fs: fix a posible leak of allocated superblock
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
[PATCH] fs: remove excess check for in_userns
- From: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
We have a pretty big bug between SELinux and the User Namespace
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: initial_sid context via libsepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: initial_sid context via libsepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 18/18] fuse: Allow user namespace mounts
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
- From: Miklos Szeredi <miklos@xxxxxxxxxx>
Re: initial_sid context via libsepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: initial_sid context via libsepol
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: initial_sid context via libsepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: initial_sid context via libsepol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: initial_sid context via libsepol
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
initial_sid context via libsepol
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: [GIT PULL] SELinux patches for 4.6
- From: James Morris <jmorris@xxxxxxxxx>
[GIT PULL] SELinux patches for 4.6
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Slight changes to the SELinux and audit kernel repository process
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Linux sandbox and the -i option
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: Linux sandbox and the -i option
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: handling locally-modified policy and upgrades with ostree
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Linux sandbox and the -i option
- From: Bill <wch1m1@xxxxxxxxx>
Re: should setfscreatecon be able to override auto type transition rules?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
handling locally-modified policy and upgrades with ostree
- From: Colin Walters <walters@xxxxxxxxxx>
Re: should setfscreatecon be able to override auto type transition rules?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: should setfscreatecon be able to override auto type transition rules?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: should setfscreatecon be able to override auto type transition rules?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
should setfscreatecon be able to override auto type transition rules?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH] libselinux: only mount /proc if necessary
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Eric Paris <eparis@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Strange AVC with latest rawhide kernel.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Strange AVC with latest rawhide kernel.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: CIL Wiki Translate
- From: omok <omok@xxxxxxxxxx>
Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
- From: Nick Kralevich <nnk@xxxxxxxxxx>
getpidcon with pid == 0 (Was: Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 1/2] libselinux: procattr: return error on invalid pid_t input.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: CIL Wiki Translate
- From: 面和毅 <ka-omo@xxxxxxxx>
Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
[PATCH 2/2] libselinux: procattr: return einval for <= 0 pid args.
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
[PATCH 1/2] libselinux: procattr: return error on invalid pid_t input.
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
[PATCH 0/2] Return error on invalid pids for procattr funcs.
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
Re: [GIT PULL] SELinux fixes for 4.5 (#2)
- From: Paul Moore <pmoore@xxxxxxxxxx>
ANN: SELinux Userspace Release 20160223
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Job for Experienced SE Linux Dev
- From: James Geddes <j@xxxxx>
Re: [GIT PULL] SELinux fixes for 4.5 (#2)
- From: James Morris <jmorris@xxxxxxxxx>
[GIT PULL] SELinux fixes for 4.5 (#2)
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH] libselinux: selinux_restorecon.3 man page corrections.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libselinux: selinux_restorecon.3 man page corrections.
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
ANN: SETools 4.0.0-beta
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH] selinux: Don't sleep inside inode_getsecid hook
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] selinux: Don't sleep inside inode_getsecid hook
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[RFC PATCH v3 18/19] calipso: Add a label cache.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 02/19] netlabel: Add an address family to domain hash entries.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 14/19] ipv6: constify the skb pointer of ipv6_find_tlv().
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 11/19] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 04/19] netlabel: Add support for querying a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 06/19] netlabel: Add support for creating a CALIPSO protocol domain mapping.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 17/19] calipso: Add validation of CALIPSO option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 08/19] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 00/19] CALIPSO Implementation
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 01/19] netlabel: Mark rcu pointers with __rcu.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 16/19] netlabel: Pass a family parameter to netlbl_skbuff_err().
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 13/19] calipso: Allow request sockets to be relabelled by the lsm.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: RESEND [PATCH V3] libselinux: Add selinux_restorecon function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[RFC PATCH v3 19/19] netlabel: Implement CALIPSO config functions for SMACK.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 09/19] netlabel: Move bitmap manipulation functions to the NetLabel core.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 10/19] calipso: Set the calipso socket label to match the secattr.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 03/19] netlabel: Initial support for the CALIPSO netlink protocol.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 07/19] netlabel: Add support for removing a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 15/19] calipso: Allow the lsm to label the skbuff directly.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 05/19] netlabel: Add support for enumerating the CALIPSO DOI list.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v3 12/19] ipv6: Allow request socks to contain IPv6 options.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: [PATCH 1/2] libsepol: fix __attribute__((unused)) annotations
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH 1/3] policycoreutils: sepolicy: rename policy global variable
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] read_spec_entry: fail on non-ascii
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 00/18] CALIPSO Implementation
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: Copying/setting security.selinux xattr explicitly
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: Copying/setting security.selinux xattr explicitly
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Copying/setting security.selinux xattr explicitly
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
[PATCH] read_spec_entry: fail on non-ascii
- From: william.c.roberts@xxxxxxxxx
[PATCH] read_spec_entry: fail on non-ascii
- From: william.c.roberts@xxxxxxxxx
Re: Policy feedback
- From: Spencer Shimko <spencer@xxxxxxxxxxxxxxxxx>
Policy feedback
- From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH v2 14/18] calipso: Allow the lsm to label the skbuff directly.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 12/18] ipv6: Allow request socks to contain IPv6 options.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 06/18] netlabel: Add support for creating a CALIPSO protocol domain mapping.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 00/18] CALIPSO Implementation
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 03/18] netlabel: Initial support for the CALIPSO netlink protocol.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v2 02/18] netlabel: Add an address family to domain hash entries.
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: selinux_set_callback() problem
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: selinux_set_callback() problem
- From: Russell Coker <russell@xxxxxxxxxxxx>
[PATCH 1/2] libsepol: fix __attribute__((unused)) annotations
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 2/2] libsemanage: no longer use variables with unused attribute
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 2/3] policycoreutils: sepolicy: do not overwrite CFLAGS
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 3/3] libsemanage: tests: do not overwrite CFLAGS and LDFLAGS
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 1/3] policycoreutils: sepolicy: rename policy global variable
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: selinux_set_callback() problem
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
selinux_set_callback() problem
- From: Russell Coker <russell@xxxxxxxxxxxx>
Re: SELinux file context matching
- From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
Re: genhomedircon uid template
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: SELinux file context matching
- From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
Re: SELinux file context matching
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: SELinux file context matching
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
SELinux file context matching
- From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
Re: genhomedircon uid template
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: genhomedircon uid template
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: genhomedircon uid template
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: genhomedircon uid template
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] policycoreutils: newrole: add missing defined in #if
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH 1/2] sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
genhomedircon uid template
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
[PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 2/3] libsemanage: initialize bools_modified variable.
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Newbie question on fixfiles
- From: Joe Wulf <joe_wulf@xxxxxxxxx>
Newbie question on fixfiles
- From: Thomas Downing <tdowning@xxxxxxxxxx>
Re: kernel-4.3.3-303.fc23.x86_64 and selinux-policy
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
kernel-4.3.3-303.fc23.x86_64 and selinux-policy
- From: Bill <wch1m1@xxxxxxxxx>
Re: [PATCH v3 1/1] selinux: use absolute path to include directory
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH v3 1/1] selinux: use absolute path to include directory
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: User range vs. context's range
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: User range vs. context's range
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: User range vs. context's range
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: User range vs. context's range
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: User range vs. context's range
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: User range vs. context's range
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: User range vs. context's range
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
User range vs. context's range
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: [PATCH v2 1/1] selinux: use absolute path to include directory
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH v2 1/1] selinux: use absolute path to include directory
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH v1 1/1] selinux: use absolute path to include directory
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] policycoreutils: newrole: add missing defined in #if
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: [PATCH v1 1/1] selinux: use absolute path to include directory
- From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Re: [PATCH v1 1/1] selinux: use absolute path to include directory
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH 1/2] sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH 2/2] sepolgen: Support latest refpolicy interfaces
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
RESEND [PATCH V3] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [GIT PULL] SELinux fixes for 4.5 (#1)
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH 1/2] Add description of missing newrole parameter -p in newrole man page.
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
[GIT PULL] SELinux fixes for 4.5 (#1)
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: ANN: SELinux Userspace Release 20160107-rc1
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
[PATCH 2/2] Added missing descriptions for --*-key params in secon man page.
- From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
[PATCH 1/2] Add description of missing newrole parameter -p in newrole man page.
- From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
Re: Labeling nsfs filesystem
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Preventing packet sniffing
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: Inode label revalidation performance fix
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Diskless system running SELinux
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
[PATCH] secilc: update dependency information and man page creation
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: ANN: SELinux Userspace Release 20160107-rc1
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: Labeling nsfs filesystem
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: Labeling nsfs filesystem
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Labeling nsfs filesystem
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
[RFC PATCH v2 07/18] netlabel: Add support for removing a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 03/18] netlabel: Initial support for the CALIPSO netlink protocol.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 02/18] netlabel: Add an address family to domain hash entries.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 09/18] netlabel: Move bitmap manipulation functions to the NetLabel core.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 14/18] calipso: Allow the lsm to label the skbuff directly.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 13/18] calipso: Allow request sockets to be relabelled by the lsm.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 06/18] netlabel: Add support for creating a CALIPSO protocol domain mapping.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 04/18] netlabel: Add support for querying a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 05/18] netlabel: Add support for enumerating the CALIPSO DOI list.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 15/18] netlabel: Pass a family parameter to netlbl_skbuff_err().
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 16/18] calipso: Add validation of CALIPSO option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 17/18] calipso: Add a label cache.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 18/18] netlabel: Implement CALIPSO config functions for SMACK.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 01/18] netlabel: Mark rcu pointers with __rcu.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 00/18] CALIPSO Implementation
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 11/18] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH v2 12/18] ipv6: Allow request socks to contain IPv6 options.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Preventing packet sniffing
- From: Mark Steele <mark@xxxxxxxxxxxxxxxxxxx>
Re: Diskless system running SELinux
- From: Andrew Ruch <adruch2002@xxxxxxxxx>
Re: Diskless system running SELinux
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: ANN: SELinux Userspace Release 20160107-rc1
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Diskless system running SELinux
- From: Andrew Ruch <adruch2002@xxxxxxxxx>
Re: Labeling nsfs filesystem
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Labeling nsfs filesystem
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
ANN: SELinux Userspace Release 20160107-rc1
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] selinux: Inode label revalidation performance fix
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: CIL Wiki Translate
- From: omok <omok@xxxxxxxxxx>
[PATCH] selinux: Inode label revalidation performance fix
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: CIL Wiki Translate
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
CIL Wiki Translate
- From: 面和毅 <ka-omo@xxxxxxxx>
[PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 18/18] fuse: Allow user namespace mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 15/18] fuse: Add support for pid namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 13/18] fs: Allow superblock owner to access do_remount_sb()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 03/18] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 10/18] fs: Update posix_acl support to handle user namespace mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 07/18] fs: Check for invalid i_uid in may_follow_link()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 06/18] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 05/18] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 04/18] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 01/18] block_dev: Support checking inode permissions in lookup_bdev()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 02/18] block_dev: Check permissions towards block device inode when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH RESEND v2 00/19] Support fuse mounts in user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH] update deps and change yum to dnf
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [PATCH] update deps and change yum to dnf
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH] update deps and change yum to dnf
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [PATCH] update deps and change yum to dnf
- From: Dominick Grift <dac.override@xxxxxxxxx>
[PATCH] update deps and change yum to dnf
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [PATCH] policycoreutils: semanage: list reserver_port_t
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 13/17] calipso: Allow request sockets to be relabelled by the lsm.
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] policycoreutils: semanage: list reserver_port_t
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: [GIT PULL] SELinux patches for 4.5
- From: James Morris <jmorris@xxxxxxxxx>
[GIT PULL] SELinux patches for 4.5
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH net] sctp: label accepted/peeled off sockets
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 00/17] CALIPSO implementation
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: [RFC PATCH 00/17] CALIPSO implementation
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: [RFC PATCH 00/17] CALIPSO implementation
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 02/17] netlabel: Add an address family to domain hash entries.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 03/17] netlabel: Initial support for the CALIPSO netlink protocol.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 04/17] netlabel: Add support for querying a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 06/17] netlabel: Add support for creating a CALIPSO protocol domain mapping.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 05/17] netlabel: Add support for enumerating the CALIPSO DOI list.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 07/17] netlabel: Add support for removing a CALIPSO DOI.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 10/17] calipso: Set the calipso socket label to match the secattr.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 14/17] calipso: Allow the lsm to label the skbuff directly.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 09/17] netlabel: Move bitmap manipulation functions to the NetLabel core.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 11/17] netlabel: Prevent setsockopt() from changing the hop-by-hop option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 15/17] netlabel: Pass a family parameter to netlbl_skbuff_err().
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 16/17] calipso: Add validation of CALIPSO option.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 17/17] calipso: Add a label cache.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 13/17] calipso: Allow request sockets to be relabelled by the lsm.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 00/17] CALIPSO implementation
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 12/17] ipv6: Allow request socks to contain IPv6 options.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
[RFC PATCH 01/17] netlabel: Mark rcu pointers with __rcu.
- From: Huw Davies <huw@xxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: security_bounded_transition fails
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: security_bounded_transition fails
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: security_bounded_transition fails
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: security_bounded_transition fails
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: security_bounded_transition fails
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: security_bounded_transition fails
- From: Dominick Grift <dac.override@xxxxxxxxx>
security_bounded_transition fails
- From: Hannu Savolainen <hannu.savolainen@xxxxxxxxxx>
Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [PATCH] libselinux: Don't wrap rpm_execcon with DISABLE_RPM
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libselinux/man: Add information about thread specific on setfscreatecon
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH v2] secilc/docs: Convert DocBook documentation into github markdown
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
[PATCH v2] secilc/docs: Convert DocBook documentation into github markdown
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Joe Nall <joe@xxxxxxxx>
ANN: SETools 4.0.0-alpha3
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Joe Nall <joe@xxxxxxxx>
Re: [PATCH] secilc/docs: Convert DocBook documentation into github markdown
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: Exposing secid to secctx mapping to user-space
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: Exposing secid to secctx mapping to user-space
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
SELinux/audit kernel repo process changes
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: Exposing secid to secctx mapping to user-space
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: Exposing secid to secctx mapping to user-space
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Exposing secid to secctx mapping to user-space
- From: Daniel Cashman <dcashman@xxxxxxxxxxx>
Re: A newbie's question
- From: David Li <dlipubkey@xxxxxxxxx>
[PATCH] secilc/docs: Convert DocBook documentation into github markdown
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
RE: A newbie's question
- From: "Higgs, Stephen" <Stephen.Higgs@xxxxxxxx>
Re: A newbie's question
- From: David Li <dlipubkey@xxxxxxxxx>

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Linux Kernel Development]