Security Enhanced Linux (SELINUX)
[Prev Page][Next Page]
- [PATCH testsuite 06/24] test_policy.if: remove weird rule from testsuite_domain_type_minimal(), (continued)
- [PATCH testsuite 06/24] test_policy.if: remove weird rule from testsuite_domain_type_minimal(), Ondrej Mosnacek
- [PATCH testsuite 07/24] policy: move unconfined_t-related dontaudit rule to where it fits better, Ondrej Mosnacek
- [PATCH testsuite 09/24] policy: move miscfiles_domain_entry_test_files() to general policy, Ondrej Mosnacek
- [PATCH testsuite 08/24] policy: move userdom_sysadm_entry_spec_domtrans_to() to general policy, Ondrej Mosnacek
- [PATCH testsuite 11/24] test_general.te: move sysadm-related rules into an optional block, Ondrej Mosnacek
- [PATCH testsuite 12/24] test_filesystem.te: remove redundant dontaudit rules, Ondrej Mosnacek
- [PATCH testsuite 13/24] test_filesystem.te: remove suspicious rules, Ondrej Mosnacek
- [PATCH testsuite 14/24] tests/nnp_nosuid: avoid hardcoding unconfined_t in the policy, Ondrej Mosnacek
- [PATCH testsuite 10/24] policy: substitute userdom_sysadm_entry_spec_domtrans_to(), Ondrej Mosnacek
- [PATCH testsuite 15/24] tests/*filesystem: remove weird uses of unconfined_t, Ondrej Mosnacek
- [PATCH testsuite 17/24] test_general.te: generalize the dontaudit rule, Ondrej Mosnacek
- [PATCH testsuite 18/24] policy: don't audit testsuite programs searching the caller's keys, Ondrej Mosnacek
- [PATCH testsuite 16/24] policy: remove last hardcoded references to unconfined_t, Ondrej Mosnacek
- [PATCH testsuite 19/24] ci: check for unconfined_t AVCs, Ondrej Mosnacek
- [PATCH testsuite 22/24] policy: give sysadm_t perms needed to run quotacheck(8), Ondrej Mosnacek
- [PATCH testsuite 23/24] tests/vsock_socket: use modprobe to check vsock availability, Ondrej Mosnacek
- [PATCH testsuite 24/24] ci: add sysadm_t to the test matrix, Ondrej Mosnacek
- [PATCH testsuite 21/24] tests/overlay: don't hard-code SELinux user of the caller, Ondrej Mosnacek
- [PATCH testsuite 20/24] tests/binder: check only the type part of the context, Ondrej Mosnacek
- Re: [PATCH testsuite 00/24] Clean up testsuite policy and support running as sysadm_t, Ondrej Mosnacek
- [PATCH v3 0/4] Introduce security_create_user_ns(),
Frederick Lawler
- [PATCH v2 1/5] libsepol: rename validate_policydb to policydb_validate,
Christian Göttsche
- [PATCH v3 1/8] libsepol: refactor ebitmap conversion in link.c,
Christian Göttsche
- [PATCH v2 1/7] libsepol/tests: add ebitmap tests,
Christian Göttsche
- [PATCH] tests/sctp: remove assumptions in the SCTP tests,
Paul Moore
- [PATCH testsuite] tests/module_load: detect the linker to use for module build,
Ondrej Mosnacek
- [PATCH 1/5] libsepol: rename validate_policydb to policydb_validate,
Christian Göttsche
- [PATCH 1/3] libsepol: break circular include,
Christian Göttsche
- [PATCH 1/7] libsepol/tests: add ebitmap tests,
Christian Göttsche
- [RFC PATCH RESEND] userfaultfd: open userfaultfds with O_RDONLY,
Ondrej Mosnacek
- [PATCH v2 0/4] Introduce security_create_user_ns(),
Frederick Lawler
- Re: [PATCH v2 0/4] Introduce security_create_user_ns(), Christian Göttsche
[PATCH] libselinux: set errno to EBADF on O_PATH emulation failure,
Christian Göttsche
What is "fscon" statement in a base policy?,
Nicolas Iooss
[PATCH] libsepol: do not modify policy during write,
Christian Göttsche
[syzbot] KASAN: use-after-free Read in selinux_socket_recvmsg,
syzbot
[PATCH] libsepol/utils: improve wording,
Christian Göttsche
[PATCH userspace 1/1] CircleCI: do not add Debian-specific parameter when invoking setup.py,
Nicolas Iooss
[PATCH userspace 1/1] libsepol: initialize s in constraint_expr_eval_reason,
Nicolas Iooss
[PATCH testsuite 0/2] Make the keys test pass in FIPS mode,
Ondrej Mosnacek
[PATCH v37 00/33] LSM: Module stacking for AppArmor,
Casey Schaufler
- [PATCH v37 01/33] integrity: disassociate ima_filter_rule from security_audit_rule, Casey Schaufler
- [PATCH v37 02/33] LSM: Infrastructure management of the sock security, Casey Schaufler
- [PATCH v37 05/33] IMA: avoid label collisions with stacked LSMs, Casey Schaufler
- [PATCH v37 04/33] LSM: provide lsm name and id slot mappings, Casey Schaufler
- [PATCH v37 03/33] LSM: Add the lsmblob data structure., Casey Schaufler
- [PATCH v37 06/33] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
- [PATCH v37 07/33] LSM: Use lsmblob in security_kernel_act_as, Casey Schaufler
- [PATCH v37 08/33] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
- [PATCH v37 09/33] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v37 10/33] LSM: Use lsmblob in security_ipc_getsecid, Casey Schaufler
- [PATCH v37 11/33] LSM: Use lsmblob in security_current_getsecid, Casey Schaufler
- [PATCH v37 12/33] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
- [PATCH v37 13/33] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
- [PATCH v37 14/33] LSM: Specify which LSM to display, Casey Schaufler
- [PATCH v37 15/33] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v37 16/33] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v37 17/33] LSM: Use lsmcontext in security_inode_getsecctx, Casey Schaufler
- [PATCH v37 20/33] NET: Store LSM netlabel data in a lsmblob, Casey Schaufler
- [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security, Casey Schaufler
- [PATCH v37 19/33] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v37 22/33] LSM: security_secid_to_secctx module selection, Casey Schaufler
- [PATCH v37 23/33] Audit: Keep multiple LSM data in audit_names, Casey Schaufler
- [PATCH v37 21/33] binder: Pass LSM identifier for confirmation, Casey Schaufler
- [PATCH v37 24/33] Audit: Create audit_stamp structure, Casey Schaufler
- [PATCH v37 25/33] LSM: Add a function to report multiple LSMs, Casey Schaufler
- [PATCH v37 26/33] Audit: Allow multiple records in an audit_buffer, Casey Schaufler
- [PATCH v37 29/33] Audit: Add record for multiple object contexts, Casey Schaufler
- [PATCH v37 27/33] Audit: Add record for multiple task security contexts, Casey Schaufler
- [PATCH v37 28/33] audit: multiple subject lsm values for netlabel, Casey Schaufler
- [PATCH v37 31/33] LSM: Removed scaffolding function lsmcontext_init, Casey Schaufler
- [PATCH v37 30/33] netlabel: Use a struct lsmblob in audit data, Casey Schaufler
- [PATCH v37 32/33] LSM: Add /proc attr entry for full LSM context, Casey Schaufler
- [PATCH v37 33/33] AppArmor: Remove the exclusive flag, Casey Schaufler
- Re: [PATCH v37 00/33] LSM: Module stacking for AppArmor, John Johansen
[PATCH] gettext: handle unsupported languages properly,
Vit Mojzis
[PATCH -next] selinux: Cleanup the enum SEL_COMPAT_NET,
Xiu Jianfeng
[PATCH RESEND -next] selinux: Let the caller free the momory in *mnt_opts on error,
Xiu Jianfeng
[GIT PULL] SELinux fixes for v5.19 (#1),
Paul Moore
PHP-FPM restriction bug, Father Vlasie
[RFC PATCH 1/4] libsepol: refactor ebitmap conversion in link.c,
Christian Göttsche
[PATCH -next] selinux: Let the caller free the momory in *mnt_opts on error,
Xiu Jianfeng
[PATCH] python: remove IOError in certain cases,
Elijah Conners
hack, Mikhail
[PATCH] selinux: free contexts previously transferred in selinux_add_opt(),
Christian Göttsche
[PATCH -next] selinux: Fix memleak in security_read_policy,
Xiu Jianfeng
[PATCH 1/4] support Dash as default shell,
Christian Göttsche
[PATCH -next] selinux: Add boundary check in put_entry(),
Xiu Jianfeng
[PATCH -next] selinux: Fix memleak in security_read_state_kernel,
Xiu Jianfeng
[PATCH -next] selinux: Fix potential memory leak in selinux_add_opt,
Xiu Jianfeng
[PATCH] checkpolicy: error out if required permission would exceed limit,
Christian Göttsche
[PATCH] libsepol: avoid potential NULL dereference on optional parameter,
Christian Göttsche
[PATCH v36 00/33] LSM: Module stacking for AppArmor,
Casey Schaufler
- [PATCH v36 01/33] integrity: disassociate ima_filter_rule from security_audit_rule, Casey Schaufler
- [PATCH v36 02/33] LSM: Infrastructure management of the sock security, Casey Schaufler
- [PATCH v36 04/33] LSM: provide lsm name and id slot mappings, Casey Schaufler
- [PATCH v36 03/33] LSM: Add the lsmblob data structure., Casey Schaufler
- [PATCH v36 05/33] IMA: avoid label collisions with stacked LSMs, Casey Schaufler
- [PATCH v36 06/33] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
- [PATCH v36 08/33] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
- [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as, Casey Schaufler
- [PATCH v36 09/33] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v36 11/33] LSM: Use lsmblob in security_current_getsecid, Casey Schaufler
- [PATCH v36 10/33] LSM: Use lsmblob in security_ipc_getsecid, Casey Schaufler
- [PATCH v36 12/33] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
- [PATCH v36 13/33] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
- [PATCH v36 14/33] LSM: Specify which LSM to display, Casey Schaufler
- [PATCH v36 15/33] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v36 17/33] LSM: Use lsmcontext in security_inode_getsecctx, Casey Schaufler
- [PATCH v36 16/33] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v36 18/33] LSM: Use lsmcontext in security_dentry_init_security, Casey Schaufler
- [PATCH v36 19/33] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v36 20/33] NET: Store LSM netlabel data in a lsmblob, Casey Schaufler
- [PATCH v36 22/33] LSM: Extend security_secid_to_secctx to include module selection, Casey Schaufler
- [PATCH v36 23/33] Audit: Keep multiple LSM data in audit_names, Casey Schaufler
- [PATCH v36 21/33] binder: Pass LSM identifier for confirmation, Casey Schaufler
- [PATCH v36 24/33] Audit: Create audit_stamp structure, Casey Schaufler
- [PATCH v36 25/33] LSM: Add a function to report multiple LSMs, Casey Schaufler
- [PATCH v36 26/33] Audit: Allow multiple records in an audit_buffer, Casey Schaufler
- [PATCH v36 27/33] Audit: Add record for multiple task security contexts, Casey Schaufler
- [PATCH v36 29/33] Audit: Add record for multiple object contexts, Casey Schaufler
- [PATCH v36 28/33] audit: multiple subject lsm values for netlabel, Casey Schaufler
- [PATCH v36 31/33] LSM: Removed scaffolding function lsmcontext_init, Casey Schaufler
- [PATCH v36 30/33] netlabel: Use a struct lsmblob in audit data, Casey Schaufler
- [PATCH v36 32/33] LSM: Add /proc attr entry for full LSM context, Casey Schaufler
- [PATCH v36 33/33] AppArmor: Remove the exclusive flag, Casey Schaufler
[PATCH] selinux: fix typos in comments,
Jonas Lindner
[PATCH userspace 0/2] Refine semantics of libsemanage's check_ext_changes,
Ondrej Mosnacek
[PATCH v3] cred: Propagate security_prepare_creds() error code,
Frederick Lawler
why arent we checking MS_BIND?, Dominick Grift
[RFC PATCH 1/3] libsepol: export initial SIDs,
Christian Göttsche
[RFC PATCH] f*xattr: allow O_PATH descriptors,
Christian Göttsche
[PATCH] libsepol: fix validation of user declarations in modules,
Christian Göttsche
[PATCH] libsepol: Drop unused assignment,
Petr Lautrbach
[PATCH testsuite] tests/sctp: temporarily disable ASCONF tests,
Ondrej Mosnacek
Bug in SELinux SCTP ASCONF handling,
Ondrej Mosnacek
[PATCH] Revert "libselinux: restorecon: pin file to avoid TOCTOU issues",
Petr Lautrbach
[PATCH] python: Split "semanage import" into two transactions,
Vit Mojzis
[PATCH 1/1] libselinux: do not return the cached prev_current value when using getpidcon(),
Nicolas Iooss
[PATCH v2] cred: Propagate security_prepare_creds() error code,
Frederick Lawler
[GIT PULL] SELinux patches for v5.19,
Paul Moore
[SELinux-notebook PATCH] network_support.md: clarify local port range and name_bind,
Dominick Grift
[PATCH] cred: Propagate security_prepare_creds() error code,
Frederick Lawler
ANN: Reference Policy 2.20220520, Chris PeBenito
[PATCH] semodule: avoid toctou on output module,
Christian Göttsche
[PATCH] libselinux: declare return value of context_str(3) const,
Christian Göttsche
[PATCH 1/4] libselinux: add man page redirections,
Christian Göttsche
[PATCH] Makefile: always include and link with DESTDIR,
Christian Göttsche
[PATCH] python/audit2allow: close file stream on error,
Christian Göttsche
ANN: SELinux userspace 3.4 release, Petr Lautrbach
[GIT PULL] SELinux fixes for v5.18 (#1),
Paul Moore
[ANNOUNCE][CFP] Linux Security Summit Europe 2022, Reshetova, Elena
[PATCH] selinux: add __randomize_layout to selinux_audit_data,
GONG, Ruiqi
[PATCH 1/2] libselinux: restorecon: add fallback for pre 3.6 Linux,
Christian Göttsche
[PATCH] ci: declare git repository a safe directory,
Christian Göttsche
[PATCH] selinux: fix bad cleanup on error in hashtab_duplicate(),
Ondrej Mosnacek
[PATCH userspace v4 0/2] Support the 'self' keyword in type transitions,
Ondrej Mosnacek
[PATCH] libselinux: preserve errno in selinux_log(),
Christian Göttsche
[RFC PATCH 1/4] libselinux: simplify policy path logic to avoid uninitialized read,
Christian Göttsche
[PATCH] libselinux: free memory in error branch,
Christian Göttsche
[PATCH userspace v3 0/2] Support the 'self' keyword in type transitions,
Ondrej Mosnacek
[PATCH] gettext: set _ on module level instead of builtins namespace,
Vit Mojzis
[PATCH] libselinux/utils: print errno on failure,
Christian Göttsche
[PATCH] libselinux: update man page of setfilecon(3) family about context parameter,
Christian Göttsche
[RFC PATCH] libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon,
Christian Göttsche
ANN: SELinux userspace 3.4-rc3 release candidate,
Petr Lautrbach
[PATCH 00/32] Introduce flexible array struct memcpy() helpers,
Kees Cook
- [PATCH 01/32] netlink: Avoid memcpy() across flexible array boundary, Kees Cook
- [PATCH 02/32] Introduce flexible array struct memcpy() helpers, Kees Cook
- [PATCH 07/32] iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result, Kees Cook
- [PATCH 05/32] brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item, Kees Cook
- [PATCH 23/32] Bluetooth: Use mem_to_flex_dup() with struct hci_op_configure_data_path, Kees Cook
- [PATCH 12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies, Kees Cook
- [PATCH 06/32] iwlwifi: calib: Prepare to use mem_to_flex_dup(), Kees Cook
- [PATCH 11/32] nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config, Kees Cook
- [PATCH 08/32] iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf, Kees Cook
- [PATCH 10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg, Kees Cook
- [PATCH 26/32] ima: Use mem_to_flex_dup() with struct modsig, Kees Cook
- [PATCH 04/32] fortify: Add run-time WARN for cross-field memcpy(), Kees Cook
- [PATCH 03/32] flex_array: Add Kunit tests, Kees Cook
- [PATCH 16/32] 802/mrp: Use mem_to_flex_dup() with struct mrp_attr, Kees Cook
- [PATCH 14/32] af_unix: Use mem_to_flex_dup() with struct unix_address, Kees Cook
- [PATCH 21/32] soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf, Kees Cook
- [PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl, Kees Cook
- [PATCH 25/32] Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg, Kees Cook
- [PATCH 29/32] xtensa: Use mem_to_flex_dup() with struct property, Kees Cook
- [PATCH 15/32] 802/garp: Use mem_to_flex_dup() with struct garp_attr, Kees Cook
- [PATCH 18/32] firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event, Kees Cook
- [PATCH 20/32] ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data, Kees Cook
- [PATCH 17/32] net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie, Kees Cook
- [PATCH 13/32] mac80211: Use mem_to_flex_dup() with several structs, Kees Cook
- [PATCH 09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database, Kees Cook
- [PATCH 22/32] atags_proc: Use mem_to_flex_dup() with struct buffer, Kees Cook
- [PATCH 27/32] KEYS: Use mem_to_flex_dup() with struct user_key_payload, Kees Cook
- [PATCH 24/32] IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node, Kees Cook
- [PATCH 28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab, Kees Cook
- [PATCH 31/32] xenbus: Use mem_to_flex_dup() with struct read_buffer, Kees Cook
- [PATCH 32/32] esas2r: Use __mem_to_flex() with struct atto_ioctl, Kees Cook
- [PATCH 30/32] usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer, Kees Cook
- Re: [PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl, David Howells
- Re: [PATCH 00/32] Introduce flexible array struct memcpy() helpers, David Howells
[PATCH] fsnotify: add generic perm check for unlink/rmdir,
Guowei Du
Re: [PATCH] fsnotify: add generic perm check for unlink/rmdir, kernel test robot
Re: [PATCH] fsnotify: add generic perm check for unlink/rmdir, kernel test robot
Re: [PATCH] fsnotify: add generic perm check for unlink/rmdir, kernel test robot
Re: [PATCH] fsnotify: add generic perm check for unlink/rmdir, Paul Moore
[PATCH] gui: Make sure sepolicy calls are translated properly,
Vit Mojzis
[PATCH v2 0/5] selinux_restorecon(3), setfiles(8): skip relabeling errors,
Laszlo Ersek
[PATCH] selinux: include necessary headers in headers,
Christian Göttsche
[PATCH] selinux: avoid extra semicolon,
Christian Göttsche
[PATCH] selinux: fix indentation level of mls_ops block,
Christian Göttsche
[PATCH] selinux: update parameter documentation,
Christian Göttsche
[PATCH] selinux: use unsigned char for boolean values,
Christian Göttsche
[PATCH] selinux: resolve checkpatch errors,
Christian Göttsche
[PATCH v4] firmware_loader: use kernel credentials when reading firmware,
Thiébaud Weksteen
[PATCH] libselinux/utils/getsebool: add options to display en-/disabled booleans,
Christian Göttsche
[PATCH] Update missing sandbox translations,
Petr Lautrbach
[PATCH for-3.5 0/5] selinux_restorecon(3), setfiles(8): skip relabeling errors,
Laszlo Ersek
[PATCH v3] firmware_loader: use kernel credentials when reading firmware,
Thiébaud Weksteen
[PATCH] checkpolicy: mention class name on invalid permission,
Christian Göttsche
[PATCH userspace v2 0/2] Support the 'self' keyword in type transitions,
Ondrej Mosnacek
[PATCH userspace 0/2] Support the 'self' keyword in type transitions,
Ondrej Mosnacek
[PATCH v2] firmware_loader: use kernel credentials when reading firmware,
Thiébaud Weksteen
[Index of Archives]
[Selinux Refpolicy]
[Fedora Users]
[Fedora Desktop]
[Kernel]
[KDE Users]
[Gnome Users]
