SELinux - Date Index

Thread Index

[Prev Page][Next Page]

Re: (Userspace) AVC denial generated even if allowed by the policy?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: (Userspace) AVC denial generated even if allowed by the policy?
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: (Userspace) AVC denial generated even if allowed by the policy?
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: [PATCH] libsepol: Fully expand neverallowxperm rules
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
[PATCH] libselinux: Correct line count for property and service contexts files
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: (Userspace) AVC denial generated even if allowed by the policy?
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: (Userspace) AVC denial generated even if allowed by the policy?
- From: Dominick Grift <dac.override@xxxxxxxxx>
(Userspace) AVC denial generated even if allowed by the policy?
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
[PATCH] libsepol: Fully expand neverallowxperm rules
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
ANN: Experimental Fedora Rawhide kernels (selinux-next and audit-next)
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: Obtaining Default Context for SELinux Users
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
Re: [PATCH] policycoreutils: Require at least one argument for 'semanage permissive -d'
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] policycoreutils: improve sepolicy command line interface
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [selinux-testsuite PATCH v2 3/4] mmap/mprotect_heap: make sure memory is allocated from heap
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Octavian Purdila <octavian.purdila@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Richard W.M. Jones" <rjones@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard@xxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard@xxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Colin Walters <walters@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard@xxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: James Morris <jmorris@xxxxxxxxx>
Re: Obtaining Default Context for SELinux Users
- From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
Obtaining Default Context for SELinux Users
- From: Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Serge Hallyn <serge.hallyn@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Theodore Ts'o" <tytso@xxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: bfields@xxxxxxxxxxxx (J. Bruce Fields)
Re: [PATCH v3 0/7] User namespace mount updates
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Nikolay Borisov <kernel@xxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard.weinberger@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH v3 6/7] userns: Replace in_userns with current_in_userns
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH v3 4/7] fs: Treat foreign mounts as nosuid
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Octavian Purdila <octavian.purdila@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
BTRFS/SELinux patch just got merged in docker.
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard@xxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard@xxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Octavian Purdila <octavian.purdila@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Richard Weinberger <richard.weinberger@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] User namespace mount updates
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
[PATCH v3 6/7] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 4/7] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 2/7] block_dev: Check permissions towards block device inode when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 3/7] mtd: Check permissions towards mtd block device inode when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 1/7] block_dev: Support checking inode permissions in lookup_bdev()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH] policycoreutils: Require at least one argument for 'semanage permissive -d'
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
[PATCH] policycoreutils: improve sepolicy command line interface
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
[selinux-testsuite PATCH v2 3/4] mmap/mprotect_heap: make sure memory is allocated from heap
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: the user space object manager code seems to fragile
- From: Dominick Grift <dac.override@xxxxxxxxx>
the user space object manager code seems to fragile
- From: Dominick Grift <dac.override@xxxxxxxxx>
[PATCH] policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: [PATCH v3] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] sepolgen: Use key function in sort()
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: CIL: question with regard to CIL ioctl filtering support and neverallow
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: neverallow rules and self negation
- From: Joshua Brindle <method@xxxxxxxxxxxxxxx>
CIL: question with regard to CIL ioctl filtering support and neverallow
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH] secilc: Add support for unordered classes
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Vladis Dronov <vdronov@xxxxxxxxxx>
[PATCH v3] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Vladis Dronov <vdronov@xxxxxxxxxx>
[PATCH] sepolgen: Use key function in sort()
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: get_default_context() hit the SIMPLE_TRANSACTION_LIMIT
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: neverallow rules and self negation
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: setoolsv4: tracking origin of a policy element
- From: Filippo Bonazzi <filippo.bonazzi@xxxxxxxx>
Re: setoolsv4: tracking origin of a policy element
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: [PATCH] secilc: Add support for unordered classes
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH] secilc: Add support for unordered classes
- From: Dominick Grift <dac.override@xxxxxxxxx>
[PATCH] secilc: Add support for unordered classes
- From: <ykhodorkovskiy@xxxxxxxxxx>
Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments
- From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Re: [PATCH v4 00/11] Smack namespace
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
Re: neverallow rules and self negation
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: neverallow rules and self negation
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: get_default_context() hit the SIMPLE_TRANSACTION_LIMIT
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
get_default_context() hit the SIMPLE_TRANSACTION_LIMIT
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Vladis Dronov <vdronov@xxxxxxxxxx>
[PATCH] libselinux, policycoreutils: Man page warning fixes
- From: Ville Skyttä <ville.skytta@xxxxxx>
Re: [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support
- From: Jan Stancek <jstancek@xxxxxxxxxx>
neverallow rules and self negation
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: New SELinux userspace release supporting extended ioctl permissions?
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v3] selinux: export validatetrans decisions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [selinux-testsuite PATCH 4/4] mmap/mprotect_file_private_execmod: clear READ_IMPLIES_EXEC
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Paul Moore <pmoore@xxxxxxxxxx>
RE: New SELinux userspace release supporting extended ioctl permissions?
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: Wrong audit message type when policy is reloaded
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: New SELinux userspace release supporting extended ioctl permissions?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Wrong audit message type when policy is reloaded
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
New SELinux userspace release supporting extended ioctl permissions?
- From: Paul Moore <pmoore@xxxxxxxxxx>
[selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap
- From: Jan Stancek <jstancek@xxxxxxxxxx>
[selinux-testsuite PATCH 4/4] mmap/mprotect_file_private_execmod: clear READ_IMPLIES_EXEC
- From: Jan Stancek <jstancek@xxxxxxxxxx>
[selinux-testsuite PATCH 0/4] inet_socket and mmap patches
- From: Jan Stancek <jstancek@xxxxxxxxxx>
[selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid
- From: Jan Stancek <jstancek@xxxxxxxxxx>
[selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Jan Stancek <jstancek@xxxxxxxxxx>
Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook
- From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x
- From: Jan Stancek <jstancek@xxxxxxxxxx>
[PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Vladis Dronov <vdronov@xxxxxxxxxx>
[PATCH] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()
- From: Vladis Dronov <vdronov@xxxxxxxxxx>
Re: [PATCH v5 0/7] Inode security label invalidation
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH v5 7/7] gfs2: Invalide security labels of inodes when they go invalid
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 5/7] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 4/7] selinux: Add accessor functions for inode->i_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 0/7] Inode security label invalidation
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 3/7] security: Make inode argument of inode_getsecid non-const
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 2/7] security: Make inode argument of inode_getsecurity non-const
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v5 1/7] selinux: Remove unused variable in selinux_inode_init_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v4 10/11] smack: namespace implementation
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 09/11] smack: namespace groundwork
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 11/11] smack: documentation for the Smack namespace
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 07/11] smack: abstraction layer for 2 common Smack operations
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 05/11] smack: extend capability functions and fix 2 checks
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 08/11] smack: misc cleanups in preparation for a namespace patch
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
- From: Steven Whitehouse <swhiteho@xxxxxxxxxx>
Re: [PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 01/11] user_ns: 3 new LSM hooks for user namespace operations
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v4 5/7] security: Add hook to invalidate inode security labels
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v4 4/7] selinux: Add accessor functions for inode->i_security
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v4 2/7] security: Make inode argument of inode_getsecurity non-const
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v4 3/7] security: Make inode argument of inode_getsecid non-const
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3] selinux: export validatetrans decisions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v4 2/7] security: Make inode argument of inode_getsecurity non-const
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 1/7] selinux: Remove unused variable in selinux_inode_init_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 0/7] Inode security label invalidation
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 5/7] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 4/7] selinux: Add accessor functions for inode->i_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v4 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
- From: Bob Peterson <rpeterso@xxxxxxxxxx>
[PATCH v4 3/7] security: Make inode argument of inode_getsecid non-const
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v3 0/7] Inode security label invalidation
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
[sandbox] init script of sandbox returns an improper return code in status function
- From: Keigo Noha <knoha@xxxxxxxxxx>
Re: Macro help
- From: Dan <dtdevore64@xxxxxxxxx>
Re: Macro help
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Macro help
- From: Dan <dtdevore64@xxxxxxxxx>
Re: [PATCH v3 0/7] Inode security label invalidation
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: export validatetrans decisions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH] Load libsepol.so.1 instead of libsepol.so
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3] libselinux: label_file: fix memory leaks and uninitialized jump
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v3 5/7] security: Add hook to invalidate inode security labels
- From: James Morris <jmorris@xxxxxxxxx>
Re: [PATCH v3 5/7] security: Add hook to invalidate inode security labels
- From: James Morris <jmorris@xxxxxxxxx>
[PATCH] Load libsepol.so.1 instead of libsepol.so
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: [PATCH] fix memory leaks and uninitialized jump
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
[PATCH v3] libselinux: label_file: fix memory leaks and uninitialized jump
- From: william.c.roberts@xxxxxxxxx
[PATCH v2] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
Re: [PATCH v2] fix memory leaks and uninitialized jump
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
Re: [PATCH] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
Re: [PATCH v2] fix memory leaks and uninitialized jump
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v2] fix memory leaks and uninitialized jump
- From: william.c.roberts@xxxxxxxxx
Re: [PATCH] selinux: export validatetrans decisions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
Re: [PATCH] selinux: export validatetrans decisions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] fix memory leaks and uninitialized jump
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH] fix memory leaks and uninitialized jump
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] fix memory leaks and uninitialized jump
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] sepolgen: Reset line numbers when parsing files
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] selinux: export validatetrans decisions
- From: Andrew Perepechko <anserper@xxxxx>
Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 1/7] selinux: Remove unused variable in selinux_inode_init_security
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] selinux-testsuite: unix_socket: fix uninitialized sockaddr len arguments
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v3 0/7] Inode security label invalidation
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v3 3/7] selinux: Get rid of file_path_has_perm
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 6/7] selinux: Revalidate invalid inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 0/7] Inode security label invalidation
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 7/7] gfs2: Invalide security labels of inodes when they go invalid
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 4/7] selinux: Push dentry down from {dentry, path, file}_has_perm
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 2/7] selinux: Add accessor functions for inode->i_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 5/7] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[PATCH v3 1/7] selinux: Remove unused variable in selinux_inode_init_security
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
RE: [PATCH] fix memory leaks and uninitialized jump
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
[PATCH] fix memory leaks and uninitialized jump
- From: william.c.roberts@xxxxxxxxx
Re: setoolsv4: tracking origin of a policy element
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
setoolsv4: tracking origin of a policy element
- From: Elena Reshetova <elena.reshetova@xxxxxxxxx>
[PATCH] sepolgen: Reset line numbers when parsing files
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
[PATCH V3] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH V2] libselinux: Replace selabel_digest hash function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH V2] libselinux: Replace selabel_digest hash function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [GIT PULL] SELinux patches for 4.4
- From: James Morris <jmorris@xxxxxxxxx>
Re: [GIT PULL] SELinux patches for 4.4
- From: Paul Moore <pmoore@xxxxxxxxxx>
[GIT PULL] SELinux patches for 4.4
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH] libselinux: Replace selabel_digest hash function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libselinux: Replace selabel_digest hash function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: Static analysis to assist policy creation?
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: Static analysis to assist policy creation?
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus
- From: Stephen Smalley <stephen.smalley@xxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Static analysis to assist policy creation?
- From: Andrew Ruef <andrew@xxxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: how to troubleshoot SELinux when auditd won't start?
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: how to troubleshoot SELinux when auditd won't start?
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
how to troubleshoot SELinux when auditd won't start?
- From: Bond Masuda <bond.masuda@xxxxxxxxxx>
did libselinux grow a new build dependency? (openssl-devel: openssl.h)
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH] libselinux: Fix selabel_open(3) services if no digest requested
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: ANN: SELinux Userspace Release: 20150202
- From: wenzong fan <wenzong.fan@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: does load_policy default to loading the lowest polvers available?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v4 09/11] smack: namespace groundwork
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 07/11] smack: abstraction layer for 2 common Smack operations
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 11/11] smack: documentation for the Smack namespace
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 10/11] smack: namespace implementation
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 01/11] user_ns: 3 new LSM hooks for user namespace operations
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 08/11] smack: misc cleanups in preparation for a namespace patch
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
does load_policy default to loading the lowest polvers available?
- From: Dominick Grift <dac.override@xxxxxxxxx>
[PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 00/11] Smack namespace
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 04/11] lsm: inode_pre_setxattr hook
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
[PATCH v4 05/11] smack: extend capability functions and fix 2 checks
- From: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
Re: [RFC PATCH V3] libselinux: Add selabel_digest function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] libselinux: Fix parallel build with swig python
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v2 3/7] mtd: Check permissions towards mtd block device inode when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 4/7] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 6/7] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 1/7] block_dev: Support checking inode permissions in lookup_bdev()
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 2/7] block_dev: Check permissions towards block device inode when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v2 0/7] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [RFC PATCH V3] libselinux: Add selabel_digest function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[PATCH] libselinux: Fix parallel build with swig python
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH V3] libselinux: Add selabel_digest function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names
- From: Steve Grubb <sgrubb@xxxxxxxxxx>
Re: [RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[RFC PATCH v3 2/5] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v3 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v3 0/5] kdbus LSM/SELinux hooks
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls
- From: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
[RFC PATCH v2 5/5] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v2 2/5] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v2 4/5] selinux: introduce kdbus names into the policy
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v2 1/5] kdbus: add creator credentials to the endpoints
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v2 3/5] lsm: add support for auditing kdbus service names
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v2 0/5] kdbus LSM/SELinux hooks
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: MAP_STACK and execstack
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: MAP_STACK and execstack
- From: Nick Kralevich <nnk@xxxxxxxxxx>
Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: MAP_STACK and execstack
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct
- From: Sangwoo <sangwoo2.park@xxxxxxx>
[PATCH v2 1/2] security: Add hook to invalidate inode security labels
- From: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Re: Computer Science and SE Linux
- From: Hal Martin <hmarti2@xxxxxxxx>
Re: Computer Science and SE Linux
- From: Russell Coker <russell@xxxxxxxxxxxx>
Re: Computer Science and SE Linux
- From: Thomas Rozenbroek <tom.rozenbroek@xxxxxxxxxxx>
Computer Science and SE Linux
- From: Russell Coker <russell@xxxxxxxxxxxx>
MAP_STACK and execstack
- From: Nick Kralevich <nnk@xxxxxxxxxx>
RE: av_decision on audit callback
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: av_decision on audit callback
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: av_decision on audit callback
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: av_decision on audit callback
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
RE: av_decision on audit callback
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: av_decision on audit callback
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: av_decision on audit callback
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
av_decision on audit callback
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Jan Kara <jack@xxxxxxx>
Re: auditing kdbus service names
- From: Paul Moore <pmoore@xxxxxxxxxx>
[PATCH 3/3] Open stdin as read/write
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH 2/3] policycoreutils/newrole: Set keepcaps around setresuid calls.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH 1/3] Fix newrole to not drop capabilities from the bounding set.
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: newrole not working when built with LSPP_PRIV=y
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Mike Snitzer <snitzer@xxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Mike Snitzer <snitzer@xxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: newrole not working when built with LSPP_PRIV=y
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
[PATCH 4/5] userns: Replace in_userns with current_in_userns
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH 5/5] Smack: Handle labels consistently in untrusted mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH 3/5] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH 1/5] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH 2/5] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH 0/5] User namespace mount updates
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH 5/5] selinux: use sprintf return value
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
Re: [PATCH 1/2] selinux: ioctl_has_perm should be static
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 5/5] selinux: use sprintf return value
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[RFC PATCH V3] libselinux: Add selabel_digest function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [PATCH 0/5] Security: Provide unioned file support
- From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Re: [PATCH 0/5] Security: Provide unioned file support
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH v2] libselinux: flush the class/perm string mapping cache on policy reload
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 0/5] Security: Provide unioned file support
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH 1/2] selinux: ioctl_has_perm should be static
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: Find attributes for a type with sepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: newrole not working when built with LSPP_PRIV=y
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selabel_digest function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 5/5] selinux: use sprintf return value
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools()
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core()
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity()
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH 0/5] selinux: minor cleanup suggestions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH 1/5] Security: Provide copy-up security hooks for unioned files
- From: David Howells <dhowells@xxxxxxxxxx>
[PATCH 4/5] SELinux: Handle opening of a unioned file
- From: David Howells <dhowells@xxxxxxxxxx>
[PATCH 3/5] SELinux: Stub in copy-up handling
- From: David Howells <dhowells@xxxxxxxxxx>
[PATCH 5/5] SELinux: Check against union label for file operations
- From: David Howells <dhowells@xxxxxxxxxx>
[PATCH 2/5] Overlayfs: Use copy-up security hooks
- From: David Howells <dhowells@xxxxxxxxxx>
[PATCH 0/5] Security: Provide unioned file support
- From: David Howells <dhowells@xxxxxxxxxx>
Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH 1/2] selinux: ioctl_has_perm should be static
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Nir Soffer <nsoffer@xxxxxxxxxx>
Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
[PATCH 1/2] selinux: ioctl_has_perm should be static
- From: Geliang Tang <geliangtang@xxxxxxx>
[PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core()
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity()
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[PATCH 5/5] selinux: use sprintf return value
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[PATCH 4/5] selinux: use kstrdup() in security_get_bools()
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[PATCH 0/5] selinux: minor cleanup suggestions
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[PATCH 1/5] selinux: introduce security_context_str_to_sid
- From: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
[RFC PATCH V2] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
newrole not working when built with LSPP_PRIV=y
- From: Laurent Bigonville <bigon@xxxxxxxxxx>
Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: selinux network control question
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: selinux network control question
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: selinux network control question
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: selinux network control question
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: selinux network control question
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
selinux network control question
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: Cil Macros
- From: Dan <dtdevore64@xxxxxxxxx>
Re: Cil Macros
- From: Dan <dtdevore64@xxxxxxxxx>
Re: [PATCH v2] selinux: do not check open perm on ftruncate call
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Cil Macros
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Cil Macros
- From: Dan <dtdevore64@xxxxxxxxx>
Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Find attributes for a type with sepol
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Cil Macros
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Matthew Cengia <mattcen@xxxxxxxxxxxx>
Cil Macros
- From: Dan <dtdevore64@xxxxxxxxx>
Find attributes for a type with sepol
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
[RFC PATCH v1 3/3] selinux: introduce kdbus access controls
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v1 2/3] selinux: introduce kdbus names into the policy
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v1 1/3] lsm: introduce hooks for kdbus
- From: Paul Moore <pmoore@xxxxxxxxxx>
[RFC PATCH v1 0/3] Another take on the kdbus LSM hooks
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
[PATCH v4 7/7] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 5/7] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 3/7] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 2/7] userns: Simpilify MNT_NODEV handling.
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 1/7] fs: Add user namesapace member to struct super_block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v4 0/7] Initial support for user namespace owned mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Russell Coker <russell@xxxxxxxxxxxx>
[PATCH v2] libselinux: flush the class/perm string mapping cache on policy reload
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libselinux: flush the class/perm string mapping cache on policy reload
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] libselinux: Fix restorecon when path has no context
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] Add neverallow support for ioctl extended permissions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Matthew Cengia <mattcen@xxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: overlayfs+selinux error: OPNOTSUPP
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: How can i remove net_raw capability from unconfined?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: how to run setsebool -P in chroot?
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] Add neverallow support for ioctl extended permissions
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
- From: Paul Moore <pmoore@xxxxxxxxxx>
Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
- From: Paul Moore <pmoore@xxxxxxxxxx>
overlayfs+selinux error: OPNOTSUPP
- From: Matthew Cengia <mattcen@xxxxxxxxxxxx>
[PATCH] libselinux: Fix restorecon when path has no context
- From: Nir Soffer <nirsof@xxxxxxxxx>
Re: how to run setsebool -P in chroot?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
How can i remove net_raw capability from unconfined?
- From: "Gmail" <pag.maurizio@xxxxxxxxx>
[RFC PATCH] libselinux: Add selinux_restorecon function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[RFC PATCH V2] libselinux: Add selabel_digest function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
how to run setsebool -P in chroot?
- From: Bond Masuda <bond.masuda@xxxxxxxxxx>
Re: [PATCH] Add neverallow support for ioctl extended permissions
- From: Nick Kralevich <nnk@xxxxxxxxxx>
[PATCH] Add neverallow support for ioctl extended permissions
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v2] selinux: do not check open perm on ftruncate call
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v2] selinux: do not check open perm on ftruncate call
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
[PATCH] selinux: do not check open perm on ftruncate call
- From: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
Re: remove unconfined user
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: http process running as initrc_t
- From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling.
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Re: [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling.
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling.
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Re: [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
http process running as initrc_t
- From: Divya Vyas <dvyas@xxxxxxxxxx>
[PATCH v3 7/7] selinux: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 0/7] Initial support for user namespace owned mounts
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 5/7] fs: Treat foreign mounts as nosuid
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 4/7] fs: Limit file caps to the user namespace of the super block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 3/7] fs: Verify access of user towards block device file when mounting
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 2/7] userns: Simpilify MNT_NODEV handling.
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
[PATCH v3 1/7] fs: Add user namesapace member to struct super_block
- From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
Re: ftruncate triggering open denial
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: ftruncate triggering open denial
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
ftruncate triggering open denial
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
remove unconfined user
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: Neverallow in http policy
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: Neverallow in http policy
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: Neverallow in http policy
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Neverallow in http policy
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: [PATCH v2] libsepol/cil: improve recursion detection
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [RFC PATCH] libselinux: Add selabel_digest function
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH v2] libsepol/cil: improve recursion detection
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: improve recursion detection
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] libsepol/cil: improve recursion detection
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: improve recursion detection
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] libselinux: Free memory when processing media and x specfiles
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: [PATCH] libselinux: Fix mmap memory release for file labeling
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libselinux: Free memory when processing media and x specfiles
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[PATCH] libselinux: Fix mmap memory release for file labeling
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[PATCH] libsepol/cil: improve recursion detection
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: Policy disable error
- From: Dominick Grift <dac.override@xxxxxxxxx>
Policy disable error
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: secilc: segfault on what should be "Recursive block call found"?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: segfault on what should be "Recursive block call found"?
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: secilc: segfault on what should be "Recursive block call found"?
- From: Dominick Grift <dac.override@xxxxxxxxx>
secilc: segfault on what should be "Recursive block call found"?
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: Fix uninitialized false positive in cil_binary
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] libsepol/cil: Provide error if classperms are empty
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] libsepol/cil: Add userattribute{set} functionality
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Can I change default policy from targeted to minimum
- From: Dominick Grift <dac.override@xxxxxxxxx>
Can I change default policy from targeted to minimum
- From: Divya Vyas <dvyas@xxxxxxxxxx>
[PATCH] libsepol/cil: Fix uninitialized false positive in cil_binary
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
[PATCH] libsepol/cil: Provide error if classperms are empty
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: Add userattribute{set} functionality
- From: Dominick Grift <dac.override@xxxxxxxxx>
RE: [PATCH] libsepol/cil: Add userattribute{set} functionality
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: Add userattribute{set} functionality
- From: Dominick Grift <dac.override@xxxxxxxxx>
[PATCH] libsepol/cil: Add userattribute{set} functionality
- From: Yuli Khodorkovskiy <ykhodorkovskiy@xxxxxxxxxx>
Re: [PATCH] libsepol/cil: fix blockinherit copying segfault and add macro restrictions
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH] libsepol/cil: fix blockinherit copying segfault and add macro restrictions
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: secilc: in segfault
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH] libsepol/cil: fix NULL pointer dereference when copying classpermission/set
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
[PATCH] libsepol/cil: fix NULL pointer dereference when copying classpermission/set
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: secilc: any idea why this commit causes secilc to segfault?
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: No http boolean
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: any idea why this commit causes secilc to segfault?
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
secilc: any idea why this commit causes secilc to segfault?
- From: Dominick Grift <dac.override@xxxxxxxxx>
No http boolean
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: 答复: got some problems with the type_transition rules
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[RFC PATCH] libselinux: Add selabel_digest function
- From: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: Not able to enter root after enabling selinux
- From: Sven Vermeulen <sven.vermeulen@xxxxxxxxx>
Not able to enter root after enabling selinux
- From: Divya Vyas <dvyas@xxxxxxxxxx>
答复: got some problems with the type_transition rules
- From: kuangjiou <kuangjiou@xxxxxxxxxx>
Re: got some problems with the type_transition rules
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: got some problems with the type_transition rules
- From: kuangjiou <kuangjiou@xxxxxxxxxx>
Re: got some problems with the type_transition rules
- From: Dominick Grift <dac.override@xxxxxxxxx>
got some problems with the type_transition rules
- From: kuangjiou <kuangjiou@xxxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: Enable user_xattr - Selinux failing
- From: Dominick Grift <dac.override@xxxxxxxxx>
Enable user_xattr - Selinux failing
- From: Divya Vyas <dvyas@xxxxxxxxxx>
Re: [PATCH] libsemanage: save homedir_template in the policy store for genhomedircon
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
Re: [PATCH] libsemanage: store users_extra in the policy store
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libsemanage: store users_extra in the policy store
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libsemanage: save homedir_template in the policy store for genhomedircon
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH] libsemanage: save homedir_template in the policy store for genhomedircon
- From: Stephen Smalley <sds@xxxxxxxxxxxxx>
[PATCH] libsemanage: save homedir_template in the policy store for genhomedircon
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: Petr Lautrbach <plautrba@xxxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: secilc: in segfault
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
bug: homedir fcontexts disappear when flipping a boolean
- From: Jason Zaman <jason@xxxxxxxxxxxxx>
secilc: in segfault
- From: Dominick Grift <dac.override@xxxxxxxxx>
Re: [PATCH v2 2/3] libsepol/cil: add ioctl whitelist support
- From: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx>
Re: [PATCH v2 2/3] libsepol/cil: add ioctl whitelist support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH v2 2/3] libsepol/cil: add ioctl whitelist support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: [PATCH v2 2/3] libsepol/cil: add ioctl whitelist support
- From: Steve Lawrence <slawrence@xxxxxxxxxx>
Re: [PATCH v2 2/3] libsepol/cil: add ioctl whitelist support
- From: James Carter <jwcart2@xxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Austin S Hemmelgarn <ahferroin7@xxxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: Kees Cook <keescook@xxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
Re: Linux Firmware Signing
- From: Eric Paris <eparis@xxxxxxxxxx>
Re: Linux Firmware Signing
- From: William Roberts <bill.c.roberts@xxxxxxxxx>
Re: Linux Firmware Signing
- From: Joshua Brindle <brindle@xxxxxxxxxxxxxxxxx>
Re: Linux Firmware Signing
- From: Kees Cook <keescook@xxxxxxxxxxxx>
RE: Linux Firmware Signing
- From: "Roberts, William C" <william.c.roberts@xxxxxxxxx>

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Linux Kernel Development]