SELinux - Date Index

Thread Index

[Prev Page][Next Page]

Re: [PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: match extended permissions to their base permissions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH v2 22/22] selinux: restrict policy strings
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH userspace 4/4] ci: fix pypy conditional
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH userspace 3/4] ci: add missing libbz2-dev dependency
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH userspace 1/4] ci: use Testing Farm for running the testsuite
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH userspace 2/4] ci: update Python versions
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH userspace 0/4] ci: fix and migrate the testsuite part to Testing Farm
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[no subject]
- From: Unknown
[RFC PATCH 44/44] selinux: fix inode initialization when no namespace is initialized
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 43/44] selinux: introduce a Kconfig option for SELinux namespaces
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 42/44] selinux: exempt creation of init SELinux namespace from limits
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 40/44] selinux: init inode from nearest initialized namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 41/44] selinux: allow userspace to detect non-init SELinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 39/44] selinux: defer inode init on current selinux state
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 35/44] selinux: split cred_ssid_has_perm() into two cases
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 34/44] selinux: make open_perms namespace-aware
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 38/44] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 36/44] selinux: set initial SID context for init to "kernel" in global SID table
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 37/44] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 33/44] selinux: refactor selinux_state_create()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 32/44] selinux: limit selinux netlink notifications to init namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 30/44] selinux: add limits for SELinux namespaces
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 25/44] selinux: introduce selinux_state_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 28/44] selinux: convert xfrm and netlabel permission checks
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 31/44] selinux: fix namespace creation
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 29/44] selinux: switch selinux_lsm_setattr() checks to current namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 27/44] selinux: annotate process transition permission checks
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 23/44] selinux: rename cred_has_perm*() to cred_tsid_has_perm*()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 24/44] selinux: convert additional checks to cred_ssid_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 26/44] selinux: annotate selinuxfs permission checks
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 21/44] selinux: add kerneldoc to new permission checking functions
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 22/44] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 11/44] selinux: wrap security server interfaces to use the global SID table
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 16/44] selinux: introduce cred_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 20/44] selinux: update bprm hooks for selinux namespaces
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 19/44] selinux: fix selinux_lsm_getattr() check
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 13/44] selinux: introduce cred_task_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 18/44] selinux: introduce task_obj_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 10/44] selinux: introduce a global SID table
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 15/44] selinux: introduce cred_self_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 17/44] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 12/44] selinux: update hook functions to use correct selinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 14/44] selinux: introduce cred_has_extended_perms()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 01/44] selinux: restore passing of selinux_state
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 07/44] selinux: introduce cred_selinux_state() and use it
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 09/44] selinuxfs: restrict write operations to the same selinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 02/44] selinux: introduce current_selinux_state
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 08/44] selinux: add a selinuxfs interface to unshare selinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 06/44] selinux: support per-task/cred selinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 03/44] selinux: support multiple selinuxfs instances
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 04/44] selinux: dynamically allocate selinux namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 05/44] netstate,selinux: create the selinux netlink socket per network namespace
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH 00/44] SELinux namespace support
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier)
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH 2/2] python: fix typos
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 1/2] libsepol: fix typos
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libselinux: avoid quadratic complexity for many regex specs validation
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] semanage: improve -e documentation and fix delete operation
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libselinux: update max node depth
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH] libselinux/fuzz: readjust load_mmap() update
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH linux-next 2/2] perf: Return EACCESS when need perfmon capability
- From: Luo Gengkun <luogengkun@xxxxxxxxxxxxxxx>
[PATCH linux-next 1/2] perf: Remove unnecessary parameter of security check
- From: Luo Gengkun <luogengkun@xxxxxxxxxxxxxxx>
[PATCH linux-next 0/2] Fix perf security check problem
- From: Luo Gengkun <luogengkun@xxxxxxxxxxxxxxx>
[PATCH v2] selinux: match extended permissions to their base permissions
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 1/2] lsm: add LSM hooks for io_uring_setup()
- From: Hamza Mahfooz <hamzamahfooz@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
- From: Jens Axboe <axboe@xxxxxxxxx>
[PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
- From: Hamza Mahfooz <hamzamahfooz@xxxxxxxxxxxxxxxxxxx>
selinux@xxxxxxxxxxxxxxx CDIF Comprobante 15:02
- From: pago214@xxxxxxxxxxxxxxxxxxxxxx
Re: kernel-secnext aarch64 builds missing?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Re: [GIT PULL] selinux/selinux-pr-20241217
- From: pr-tracker-bot@xxxxxxxxxx
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
ANN: SELinux userspace 3.8-rc3 release
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
[GIT PULL] selinux/selinux-pr-20241217
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
[PATCH 5/6] Audit: multiple subject lsm values for netlabel
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 4/6] Audit: Add record for multiple task security contexts
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 6/6] Audit: Add record for multiple object contexts
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 2/6] Audit: Allow multiple records in an audit_buffer
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 1/6] Audit: Create audit_stamp structure
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 0/6] Audit: Records for multiple security contexts
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH 3/6] LSM: security_lsmblob_to_secctx module selection
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH] libselinux/fuzz: readjust load_mmap() update
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libselinux/fuzz: update for lookup_all() change
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsepol: add missing word separators in error message
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] Always build for LFS mode on 32-bit archs.
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsemanage: Mute error messages from selinux_restorecon
- From: James Carter <jwcart2@xxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: kernel-secnext aarch64 builds missing?
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[RFC PATCH 2/3] checkpolicy: add support for wildcard netifcon names
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 1/3] libsepol: update sort order for netifcon definitions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 3/3] secilc/test: add test for wildcard netifcon statement
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH] selinux: support wildcard network interface names
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [RFC PATCH v2] libselinux: restore previous regex spec ordering
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[syzbot] [selinux?] [mm?] [overlayfs?] INFO: rcu detected stall in sys_mkdirat (2)
- From: syzbot <syzbot+ea07f6744590acf5f48f@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH] Always build for LFS mode on 32-bit archs.
- From: James Carter <jwcart2@xxxxxxxxx>
[RFC PATCH v2 22/22] selinux: restrict policy strings
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 00/22] selinux: harden against malformed policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 20/22] selinux: more strict bounds check
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 21/22] selinux: check for simple types
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 18/22] selinux: beef up isvalid checks
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 19/22] selinux: validate symbols
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 17/22] selinux: reorder policydb_index()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 15/22] selinux: introduce ebitmap_highest_set_bit()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 16/22] selinux: check type attr map overflows
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 14/22] selinux: pre-validate conditional expressions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 11/22] selinux: more strict policy parsing
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 13/22] selinux: validate constraints
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 12/22] selinux: check length fields in policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 09/22] selinux: make use of str_read()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 10/22] selinux: use u16 for security classes
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 08/22] selinux: avoid unnecessary indirection in struct level_datum
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 07/22] selinux: use known type instead of void pointer
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 06/22] selinux: rename comparison functions for clarity
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 03/22] selinux: align and constify functions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 01/22] selinux: supply missing field initializers
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 05/22] selinux: avoid nontransitive comparison
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 02/22] selinux: avoid using types indicating user space interaction
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH v2 04/22] selinux: rework match_ipv6_addrmask()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [RFC PATCH 22/22] selinux: restrict policy strings
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [RFC PATCH 07/22] selinux: use known type instead of void pointer
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 06/22] selinux: rename comparison functions for clarity
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] selinux: use native iterator types
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: [PATCH] selinux: match extended permissions to their base permissions
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [PATCH v2] selinux: ignore unknown extended permissions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: match extended permissions to their base permissions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add netlink nlmsg_type audit message
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add netlink nlmsg_type audit message
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [PATCH] selinux: use native iterator types
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: use native iterator types
- From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
RE: [PATCH] selinux: use native iterator types
- From: David Laight <David.Laight@xxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 22/22] selinux: restrict policy strings
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add support for xperms in conditional policies
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add netlink nlmsg_type audit message
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: add netlink nlmsg_type audit message
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
[RFC PATCH v2] libselinux: restore previous regex spec ordering
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libsemanage: Mute error messages from selinux_restorecon
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
Re: The curious case of pidfs and pidfds
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
Re: The curious case of pidfs and pidfds
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: The curious case of pidfs and pidfds
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: The curious case of pidfs and pidfds
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [RFC PATCH] ioctl: add test for conditional xperms
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v2] selinux: add support for xperms in conditional policies
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH] selinux: Read sk->sk_family once in selinux_socket_bind()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
3.8-rc2 will become rc3
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [RFC PATCH] libselinux: restore previous regex spec ordering
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
The curious case of pidfs and pidfds
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: support wildcard match in genfscon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH RFC] selinux: Fix SCTP error inconsistency in selinux_socket_bind()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: use native iterator types
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add generated av_permissions.h to targets
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH] libselinux: restore previous regex spec ordering
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile"
- From: James Carter <jwcart2@xxxxxxxxx>
[RFC PATCH] libselinux: restore previous regex spec ordering
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 9/9] Revert "libselinux: rework selabel_file(5) database"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 8/9] Revert "libselinux: add selabel_file(5) fuzzer"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 6/9] Revert "libselinux: move functions out of header file"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 7/9] Revert "libselinux: support parallel selabel_lookup(3)"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 5/9] Revert "libselinux: avoid memory allocation in common file label lookup"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 4/9] Revert "libselinux: use vector instead of linked list for substitutions"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 2/9] Revert "libselinux/utils: use correct error handling"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 3/9] Revert "libselinux: simplify string formatting"
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 1/9] Revert "libselinux/utils: drop reachable assert in sefcontext_compile"
- From: James Carter <jwcart2@xxxxxxxxx>
Re: Incompatible file_contexts precedence in 3.8-rc1
- From: James Carter <jwcart2@xxxxxxxxx>
Re: Incompatible file_contexts precedence in 3.8-rc1
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: Incompatible file_contexts precedence in 3.8-rc1
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH] selinux: support wildcard match in genfscon
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: [RFC] genfscon wildcard support for faster sysfs labeling
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Incompatible file_contexts precedence in 3.8-rc1
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
[PATCH] selinux: KASAN; slab-out-of-bounds in avc_lookup
- From: Joey Jiao <quic_jiangenj@xxxxxxxxxxx>
Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH] libselinux/fuzz: update for lookup_all() change
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser
- From: Kees Bakker <kees@xxxxxxxxxxxx>
Re: [RFC] genfscon wildcard support for faster sysfs labeling
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
Re: Systemd socket labeling issue
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
[PATCH] libselinux/fuzz: update for lookup_all() change
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v2] selinux: ignore unknown extended permissions
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [RFC] genfscon wildcard support for faster sysfs labeling
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[RFC] genfscon wildcard support for faster sysfs labeling
- From: Takaya Saeki <takayas@xxxxxxxxxxxx>
[PATCH] selinux: match extended permissions to their base permissions
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
[PATCH v2] selinux: add netlink nlmsg_type audit message
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
[PATCH v2] selinux: ignore unknown extended permissions
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
Re: [PATCH] selinux: ignore unknown extended permissions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] libsepol: add missing word separators in error message
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 1/3] libselinux: make use of calloc(3)
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libselinux/utils: use correct error handling
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH] libsepol: add missing word separators in error message
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Jakub Kicinski <kuba@xxxxxxxxxx>
[PATCH] selinux: ignore unknown extended permissions
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile
- From: James Carter <jwcart2@xxxxxxxxx>
Systemd socket labeling issue
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
[PATCH] libselinux/utils: drop reachable assert in sefcontext_compile
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
[PATCH v2] libselinux/utils: drop reachable assert in sefcontext_compile
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database")
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Regression in 92306daf5219 ("libselinux: rework selabel_file(5) database")
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH v2] selinux: add support for xperms in conditional policies
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [RFC PATCH 11/22] selinux: more strict policy parsing
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [PATCH] checkpolicy: drop host bits in IPv6 CIDR address
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libselinux/utils: use correct error handling
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[RFC PATCH] Introduce POLICYDB_VERSION_KERNEL_MAX
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] checkpolicy: drop host bits in IPv6 CIDR address
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH] Always build for LFS mode on 32-bit archs.
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libsepol: avoid unnecessary memset(3) calls in hashtab
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libselinux/utils: use correct error handling
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH] ioctl: add test for conditional xperms
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add support for xperms in conditional policies
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add generated av_permissions.h to targets
- From: Masahiro Yamada <masahiroy@xxxxxxxxxx>
ANN: SELinux userspace 3.8-rc1 release
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH v2] selinux: add generated av_permissions.h to targets
- From: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
Re: [PATCH] selinux: explicitly clean generated av_permissions.h
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH net] selinux: use sk_to_full_sk() in selinux_ip_output()
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[syzbot] [selinux?] KASAN: slab-out-of-bounds Read in selinux_ip_output
- From: syzbot <syzbot+2d9f5f948c31dcb7745e@xxxxxxxxxxxxxxxxxxxxxxxxx>
[PATCH v3 3/3] libselinux: simplify string formatting
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 2/3] libselinux: use vector instead of linked list for substitutions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 1/3] libselinux: avoid memory allocation in common file label lookup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs
- From: patchwork-bot+netdevbpf@xxxxxxxxxx
[PATCH v2] bpf, lsm: Remove getlsmprop hooks BTF IDs
- From: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs
- From: Matt Bobrowski <mattbobrowski@xxxxxxxxxx>
Re: [RFC PATCH 00/22] selinux: harden against malformed policies
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 1/3] libselinux: avoid memory allocation in common file label lookup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 3/3] libselinux: simplify string formatting
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 2/3] libselinux: use vector instead of linked list for substitutions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] selinux: use native iterator types
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 8/9] libsemanage/man: add documentation for command overrides
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 7/9] libsemanage: optimize policy by default
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 6/9] libsemanage: simplify file deletion
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 4/9] libsemanage: drop duplicate newlines and error descriptions in error messages
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 3/9] libsemanage: handle shell allocation failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 5/9] libsemanage: check closing written files
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 2/9] libsemanage: handle cil_set_handle_unknown() failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs
- From: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
Re: [PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs
- From: Jiri Olsa <olsajiri@xxxxxxxxx>
[PATCH] bpf, lsm: Fix getlsmprop hooks BTF IDs
- From: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
Re: [PATCH 1/2] libsepol: harden availability check against user CFLAGS
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 1/3] libselinux: make use of calloc(3)
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 01/47] libsemanage: white space cleanup
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 1/2] libselinux: avoid memory allocation in common file label lookup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/2] selinux: use vector instead of linked list for substitutions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH 01/47] libsemanage: white space cleanup
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] selinux: explicitly clean generated av_permissions.h
- From: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
Re: [PATCH] mm/kmemleak: Fix sleeping function called from invalid context in kmemleak_seq_show
- From: Alessandro Carminati <acarmina@xxxxxxxxxx>
[PATCH 2/2] libselinux: harden availability check against user CFLAGS
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 1/2] libsepol: harden availability check against user CFLAGS
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH v3 2/3] libselinux: avoid dynamic allocation in openattr()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 3/3] libselinux: move functions out of header file
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 1/3] libselinux: make use of calloc(3)
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 2/3] libselinux: avoid dynamic allocation in openattr()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH] selinux: explicitly clean generated av_permissions.h
- From: Masahiro Yamada <masahiroy@xxxxxxxxxx>
[PATCH] selinux: explicitly clean generated av_permissions.h
- From: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
Re: [GIT PULL] selinux/selinux-pr-20241112
- From: pr-tracker-bot@xxxxxxxxxx
Re: [PATCH] fixfiles: use `grep -F` when search in mounts
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsemanage: open lock_file with O_RDWR
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v5 1/6] libsepol: misc assertion cleanup
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3] checkpolicy: Fix MLS users in optional blocks
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [RFC PATCH 00/22] selinux: harden against malformed policies
- From: Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx>
[PATCH 05/17] tests: enable strictness for perl scripts
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 17/17] tests: drop headers from Makefile dependencies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 01/17] Fix typos
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 11/17] tests/inet_socket: skip mptcp if not supported
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 09/17] tests/extended_socket_class: work with CONFIG_CRYPTO_USER_API disabled
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 00/17] testsuite: misc fixes and virtme-ng support
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 10/17] tests/tun_tap: skip if not supported
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 16/17] tests: fail on compiler warnings and enable Wextra
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 15/17] tests: test code tweaks
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 14/17] defconfig: enable CONFIG_NETFILTER_NETLINK_LOG
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 13/17] defconfig: enable CONFIG_XFRM_USER
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 07/17] test: overlayfs related tweaks
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 12/17] tests/filesystem: improve fsnotify check and preload loop module
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 08/17] tests/notify: work with CONFIG_FANOTIFY disabled
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 06/17] Makefile: add PHONY targets
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 02/17] Makefile: use $(MAKE) to pass options
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 04/17] tests: port scripts to sh and please shellcheck
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 03/17] tools: quote command to prevent word splitting
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: Intent to release 3.7
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH] fixfiles: use `grep -F` when search in mounts
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] restorecond: Set GLib IO channels to binary mode
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsemanage: open lock_file with O_RDWR
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3] checkpolicy: Fix MLS users in optional blocks
- From: James Carter <jwcart2@xxxxxxxxx>
[RFC PATCH 22/22] selinux: restrict policy strings
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 00/22] selinux: harden against malformed policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 21/22] selinux: check for simple types
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 20/22] selinux: more strict bounds check
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 19/22] selinux: validate symbols
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 18/22] selinux: beef up isvalid checks
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 17/22] selinux: reorder policydb_index()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 16/22] selinux: check type attr map overflows
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 15/22] selinux: introduce ebitmap_highest_set_bit()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 14/22] selinux: pre-validate conditional expressions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 13/22] selinux: validate constraints
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 12/22] selinux: check length fields in policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 11/22] selinux: more strict policy parsing
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 10/22] selinux: use u16 for security classes
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 09/22] selinux: make use of str_read()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 08/22] selinux: avoid unnecessary indirection in struct level_datum
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 07/22] selinux: use known type instead of void pointer
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 06/22] selinux: rename comparison functions for clarity
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 04/22] selinux: rework match_ipv6_addrmask()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 03/22] selinux: align and constify functions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 01/22] selinux: supply missing field initializers
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 02/22] selinux: avoid using types indicating user space interaction
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[RFC PATCH 05/22] selinux: avoid nontransitive comparison
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH v3 1/9] policycoreutils: introduce unsetfiles
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v5 1/6] libsepol: misc assertion cleanup
- From: James Carter <jwcart2@xxxxxxxxx>
Re: RFC: Adding a dyntrans in systemd pid1's forking
- From: Chris PeBenito <chpebeni@xxxxxxxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: RFC: Adding a dyntrans in systemd pid1's forking
- From: Kenton Groombridge <me@xxxxxxxxxx>
Re: RFC: Adding a dyntrans in systemd pid1's forking
- From: Chris PeBenito <chpebeni@xxxxxxxxxxxxxxxxxxx>
[PATCH] fixfiles: use `grep -F` when search in mounts
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Intent to release 3.7
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
[PATCH v1 1/2] libsepol: allow specifying SUBDIRS when building
- From: dmitry.sharshakov@xxxxxxxxxxxxxx
[PATCH v1 2/2] libsemanage: allow specifying SUBDIRS when building
- From: dmitry.sharshakov@xxxxxxxxxxxxxx
[GIT PULL] selinux/selinux-pr-20241112
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[RFC PATCH] selinux: Fix SCTP error inconsistency in selinux_socket_bind()
- From: Mikhail Ivanov <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
Re: Allow rule not having any effect?!
- From: Dominick Grift <dominick.grift@xxxxxxxxxxx>
Re: How to write a policy for a "service wrapper"?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
Re: How to write a policy for a "service wrapper"?
- From: Dominick Grift <dominick.grift@xxxxxxxxxxx>
SOLVED: Allow rule not having any effect?!
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
Allow rule not having any effect?!
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
How to write a policy for a "service wrapper"?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
[PATCH 39/47] libsemanage: avoid writing directly to stderr
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 47/47] libsemanage/tests: misc cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 40/47] libsemanage: drop duplicate newlines and error descriptions in error messages
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 43/47] libsemanage: optimize policy by default
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 46/47] libsemanage: respect shell paths with /usr prefix
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 45/47] libsemanage: skip sort of empty arrays
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 44/47] libsemanage/man: add documentation for command overrides
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 42/47] libsemanage: simplify file deletion
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 41/47] libsemanage: check closing written files
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 34/47] libsemanage: drop macros used once
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 35/47] libsemanage: handle shell allocation failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 32/47] libsemanage: use asprintf(3) to simplify code
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 38/47] libsemanage: avoid strerror(3)
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 27/47] libsemanage: constify function pointer structures
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 36/47] libsemanage: drop dead code
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 28/47] libsemanage: simplify loop exit
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 33/47] libsemanage: use size_t for hash input sizes
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 37/47] libsemanage: preserve errno during internal logging
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 29/47] libsemanage: constify read only parameters and variables
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 30/47] libsemanage: avoid misc function pointer casts
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 26/47] libsemanage: more strict value parsing
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 31/47] libsemanage: adjust sizes to avoid implicit truncations
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 23/47] libsemanage: simplify malloc plus strcpy via strndup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 22/47] libsemanage: free ibdev names in semanage_ibendport_validate_local()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 25/47] libsemanage: introduce write_full wrapper
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 24/47] libsemanage: check for path formatting failures
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 21/47] libsemanage: handle cil_set_handle_unknown() failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 18/47] libsemanage: fix asprintf error branch
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 16/47] libsemanage: cast to unsigned char for character checking functions
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 14/47] libsemanage: declare file local function tables static
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 20/47] libsemanage: use strtok_r for thread safety
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 17/47] libsemanage: drop casts to same type
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 19/47] libsemanage: avoid leak on realloc failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 15/47] libsemanage: avoid const dropping casts
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 12/47] libsemanage: use unlink on non directory
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 13/47] libsemanage: free resources on failed connect attempt
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 11/47] libsemanage: check memory allocations
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 10/47] libsemanage: set O_CLOEXEC flag for file descriptors
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 07/47] libsemanage: drop unnecessary return statements
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 01/47] libsemanage: white space cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 08/47] libsemanage: drop duplicate include
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 09/47] libsemanage: drop const from function declaration
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 06/47] libsemanage: drop unnecessary declarations
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 03/47] libsemanage: drop unused macro
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 04/47] libsemanage: drop dead assignments
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 05/47] libsemanage: drop dead variable
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 02/47] libsemanage: fix typo
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr()
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH v5 6/6] libsepol/tests: add cond xperm neverallow tests
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v5 4/6] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v5 1/6] libsepol: misc assertion cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v5 3/6] checkpolicy: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v5 2/6] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v5 5/6] libsepol: indent printed allow rule on assertion failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] libsemanage: open lock_file with O_RDWR
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 2/2] libselinux: avoid dynamic allocation in openattr()
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy: avoid leak of identifier on required attribute
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy: avoid memory leaks on redeclarations
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Re: [PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Eric Dumazet <edumazet@xxxxxxxxxx>
[PATCH] selinux,xfrm: fix dangling refcount on deferred skb free
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
[PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
RFC: Adding a dyntrans in systemd pid1's forking
- From: Chris PeBenito <chpebeni@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH v4 2/6] libsepol: add support for xperms in conditional policies
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH] checkpolicy: avoid leak of identifier on required attribute
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] checkpolicy: avoid memory leaks on redeclarations
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 1/2] libselinux: make use of calloc(3)
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/2] libselinux: avoid dynamic allocation in openattr()
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 6/9] libselinux: rework selabel_file(5) database
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 8/9] libselinux: add selabel_file(5) fuzzer
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 1/9] policycoreutils: introduce unsetfiles
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 9/9] libselinux: support parallel selabel_lookup(3)
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 7/9] libselinux: remove unused hashtab code
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 5/9] libselinux: sidtab updates
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 4/9] libselinux: add unique id to sidtab entries
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 2/9] libselinux/utils: introduce selabel_compare
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 3/9] libselinux: use more appropriate types in sidtab
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 0/9] libselinux: rework selabel_file(5) database
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 5/6] libsepol: indent printed allow rule on assertion failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 2/6] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 4/6] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 3/6] checkpolicy: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 1/6] libsepol: misc assertion cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v4 6/6] libsepol/tests: add cond xperm neverallow tests
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/3] libsemanage: Optionally allow duplicate declarations
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 3/3] libsepol: Remove special handling of roles in module_to_cil.c
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 1/3] libsepol/cil: Optionally allow duplicate role declarations
- From: James Carter <jwcart2@xxxxxxxxx>
[syzbot] [selinux?] INFO: rcu detected stall in rw_verify_area (3)
- From: syzbot <syzbot+fc43743888db044f8f70@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx()
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH next] lsm: Fix signedness bug in selinux_secid_to_secctx()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Setrans ambiguous translations
- From: "Sloane, Brandon" <bsloane@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] selinux: add netlink nlmsg_type audit message
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v3 4/5] LSM: lsm_context in security_dentry_init_security
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 3/5] LSM: Use lsm_context in security_inode_getsecctx
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 5/5] LSM: secctx provider check on release
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: add support for xperms in conditional policies
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] selinux: add netlink nlmsg_type audit message
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsepol: Support nlmsg xperms in assertions
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy/fuzz: fix setjmp condition
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/4] libselinux: avoid errno modification by fclose(3)
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] libselinux: fix swig bindings for 4.3.0
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libselinux: formally deprecate security_compute_user()
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies
- From: James Carter <jwcart2@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH 1/2] libselinux/setexecfilecon: Remove useless rc check
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH 2/2] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH v3 4/6] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 3/6] checkpolicy: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH v3 6/6] libsepol/tests: add cond xperm neverallow tests
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 5/6] libsepol: indent printed allow rule on assertion failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 2/6] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v3 1/6] libsepol: misc assertion cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 3/3] all: coding style fixes
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH 1/3] check-syntax: update arguments for astyle v3.2 (possibly earlier)
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH 2/3] check-syntax: ignore "bad" astyle versions
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 2/4] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH v2 2/4] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 3/4] checkpolicy: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 1/4] libsepol: misc assertion cleanup
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 4/4] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/2] restorecond: Set GLib IO channels to nonblocking
- From: Fabian Vogt <fvogt@xxxxxxx>
[PATCH 1/2] restorecond: Set GLib IO channels to binary mode
- From: Fabian Vogt <fvogt@xxxxxxx>
[PATCH 0/2] restorecond: GLib IO channel fixes
- From: Fabian Vogt <fvogt@xxxxxxx>
[PATCH v3 5/5] LSM: secctx provider check on release
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v3 4/5] LSM: lsm_context in security_dentry_init_security
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v3 3/5] LSM: Use lsm_context in security_inode_getsecctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v3 2/5] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v3 1/5] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v3 0/5] LSM: Replace secctx/len pairs with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH 1/3] libsepol: add support for xperms in conditional policies
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] libsepol: Support nlmsg xperms in assertions
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 3/3] libsepol/cil: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/3] checkpolicy: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 1/3] libsepol: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2] selinux: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH] selinux: add support for xperms in conditional policies
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH v2 1/4] libsepol/cil: Initialize avtab_datum on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH v2 3/4] libsepol/cil/cil_post: Initialize tmp on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH v2 4/4] libsepol: Initialize "strs" on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH v2 2/4] libsepol/mls: Do not destroy context on memory error
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
Re: testsuite astyle options no longer supported
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Re: testsuite astyle options no longer supported
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] selinux: add netlink nlmsg_type audit message
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
Re: [PATCH 4/4] libsepol: Initialize "strs" on declaration
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 2/4] libsepol/mls: Do not destroy context on memory error
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH 1/4] libsepol/cil: Initialize avtab_datum on declaration
- From: James Carter <jwcart2@xxxxxxxxx>
testsuite astyle options no longer supported
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2 5/6] LSM: secctx provider check on release
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH 4/4] libsepol: Initialize "strs" on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH 2/4] libsepol/mls: Do not destroy context on memory error
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
[PATCH 1/4] libsepol/cil: Initialize avtab_datum on declaration
- From: Vit Mojzis <vmojzis@xxxxxxxxxx>
Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 5/6] LSM: secctx provider check on release
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2 5/6] LSM: secctx provider check on release
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] libsepol: Support nlmsg xperms in assertions
- From: "Thiébaud Weksteen" <tweek@xxxxxxxxxx>
Re: [PATCH 1/4] libselinux: avoid errno modification by fclose(3)
- From: James Carter <jwcart2@xxxxxxxxx>
Re: [PATCH] checkpolicy/fuzz: fix setjmp condition
- From: James Carter <jwcart2@xxxxxxxxx>
Re: selinux_set_callback for policy load not triggering
- From: Matthew Sheets <masheets@xxxxxxxxxxxxxxxxxxx>
Re: [RFC PATCH 1/3] newrole: constant time password comparison
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH] checkpolicy/fuzz: fix setjmp condition
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 4/4] selinux: set missing errno in failure branch
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 3/4] libsemanage: check for rewind(3) failure
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 1/4] libselinux: avoid errno modification by fclose(3)
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
[PATCH 2/4] selinux: free memory in error branch
- From: Christian Göttsche <cgoettsche@xxxxxxxxxxxxx>
Re: selinux_set_callback for policy load not triggering
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: selinux_set_callback for policy load not triggering
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
selinux_set_callback for policy load not triggering
- From: Matthew Sheets <masheets@xxxxxxxxxxxxxxxxxxx>
Re: [PATCH 1/2] libselinux: fix swig bindings for 4.3.0
- From: James Carter <jwcart2@xxxxxxxxx>
[PATCH 2/2] libsemanage: fix swig bindings for 4.3.0
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
[PATCH 1/2] libselinux: fix swig bindings for 4.3.0
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH] libselinux: formally deprecate security_compute_user()
- From: Petr Lautrbach <lautrbach@xxxxxxxxxx>
Re: [PATCH v2 1/6] LSM: Ensure the correct LSM context releaser
- From: sergeh@xxxxxxxxxx
Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Re: [PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context
- From: "Serge E. Hallyn" <serge@xxxxxxxxxx>
[PATCH v2 6/6] LSM: Use lsm_context in security_inode_notifysecctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 5/6] LSM: secctx provider check on release
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 4/6] LSM: lsm_context in security_dentry_init_security
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 2/6] LSM: Replace context+len with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 1/6] LSM: Ensure the correct LSM context releaser
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 3/6] LSM: Use lsm_context in security_inode_getsecctx
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v2 0/6] LSM: Replace secctx/len pairs with lsm_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: [PATCH v4 1/13] LSM: Add the lsm_prop data structure.
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v4 01/13] LSM: Add the lsm_prop data structure.
- From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Re: [PATCH v4 5/13] LSM: Use lsm_prop in security_ipc_getsecid
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v4 4/13] Audit: maintain an lsm_prop in audit_context
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v4 1/13] LSM: Add the lsm_prop data structure.
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH v4 05/13] LSM: Use lsm_prop in security_ipc_getsecid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 02/13] LSM: Use lsm_prop in security_audit_rule_match
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 01/13] LSM: Add the lsm_prop data structure.
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 03/13] LSM: Add lsmprop_to_secctx hook
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 00/13] LSM: Move away from secids
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 13/13] LSM: Remove lsm_prop scaffolding
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 12/13] Use lsm_prop for audit data
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 10/13] LSM: Create new security_cred_getlsmprop LSM hook
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 11/13] Audit: Change context data from secid to lsm_prop
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 09/13] Audit: use an lsm_prop in audit_names
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 08/13] LSM: Use lsm_prop in security_inode_getsecid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 07/13] LSM: Use lsm_prop in security_current_getsecid
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 06/13] Audit: Update shutdown LSM data
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
[PATCH v4 04/13] Audit: maintain an lsm_prop in audit_context
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH testsuite] policy,tests: add tests for netlink xperms
- From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Re: [PATCH testsuite] policy,tests: add tests for netlink xperms
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH testsuite] policy,tests: add tests for netlink xperms
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v2] selinux: Deprecate /sys/fs/selinux/user
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v2] selinux: Deprecate /sys/fs/selinux/user
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup()
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH 2/2] selinux: apply clang format to security/selinux/nlmsgtab.c
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH v3] selinux: Add netlink xperm support
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH v9 7/7] drm: Replace strcpy() with strscpy()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 6/7] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 5/7] mm/util: Fix possible race condition in kstrdup()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 4/7] bpftool: Ensure task comm is always NUL-terminated
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 3/7] security: Replace memcpy() with get_task_comm()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 2/7] auditsc: Replace memcpy() with strscpy()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 1/7] Get rid of __get_task_comm()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v9 0/7] Improve the copy of task comm
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
[PATCH v2] selinux: Deprecate /sys/fs/selinux/user
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: Deprecate /sys/fs/selinux/user
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH] selinux: Deprecate /sys/fs/selinux/user
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH] libselinux: formally deprecate security_compute_user()
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
[PATCH] selinux: Deprecate /sys/fs/selinux/user
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v2 2/8] file2alias: fix uuid_t definitions for macos
- From: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
Re: [PATCH v2 1/2] selinux: do not include <linux/*.h> headers from host programs
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Alejandro Colomar <alx@xxxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Alejandro Colomar <alx@xxxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Kees Cook <kees@xxxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Kees Cook <kees@xxxxxxxxxx>
[PATCH v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook
- From: Shivani Agarwal <shivani.agarwal@xxxxxxxxxxxx>
[PATCH v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook
- From: Shivani Agarwal <shivani.agarwal@xxxxxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Yafang Shao <laoar.shao@xxxxxxxxx>
Re: [PATCH 1/2] selinux: streamline selinux_nlmsg_lookup()
- From: Thiébaud Weksteen <tweek@xxxxxxxxxx>
Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
- From: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Re: SELinux namespaces re-base
- From: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Linux Kernel Development]