Security Enhanced Linux (SELINUX)
[Prev Page][Next Page]
- [PATCH] selinux.8: document how mount flag nosuid affects SELinux,
Topi Miettinen
- [patch] mount.2: document SELinux use of MS_NOSUID mount flag,
Topi Miettinen
- [PATCH] selinux-notebook: describe nosuid and NNP transitions,
Topi Miettinen
- [PATCH -next v2] selinux: Fix kernel-doc,
Yang Li
- Size mismatch between vfs_getxattr_alloc() and vfs_getxattr(),
Roberto Sassu
- [PATCH v27 00/25] LSM: Module stacking for AppArmor,
Casey Schaufler
- [PATCH v27 01/25] LSM: Infrastructure management of the sock security, Casey Schaufler
- [PATCH v27 02/25] LSM: Add the lsmblob data structure., Casey Schaufler
- [PATCH v27 03/25] LSM: provide lsm name and id slot mappings, Casey Schaufler
- [PATCH v27 04/25] IMA: avoid label collisions with stacked LSMs, Casey Schaufler
- [PATCH v27 05/25] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
- [PATCH v27 06/25] LSM: Use lsmblob in security_kernel_act_as, Casey Schaufler
- [PATCH v27 07/25] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
- [PATCH v27 08/25] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v27 09/25] LSM: Use lsmblob in security_ipc_getsecid, Casey Schaufler
- [PATCH v27 10/25] LSM: Use lsmblob in security_task_getsecid, Casey Schaufler
- [PATCH v27 11/25] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
- [PATCH v27 12/25] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
- [PATCH v27 13/25] IMA: Change internal interfaces to use lsmblobs, Casey Schaufler
- [PATCH v27 14/25] LSM: Specify which LSM to display, Casey Schaufler
- [PATCH v27 15/25] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v27 16/25] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v27 17/25] LSM: Use lsmcontext in security_inode_getsecctx, Casey Schaufler
- [PATCH v27 18/25] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v27 19/25] NET: Store LSM netlabel data in a lsmblob, Casey Schaufler
- [PATCH v27 20/25] LSM: Verify LSM display sanity in binder, Casey Schaufler
- [PATCH v27 21/25] audit: add support for non-syscall auxiliary records, Casey Schaufler
- [PATCH v27 22/25] Audit: Add record for multiple process LSM attributes, Casey Schaufler
- [PATCH v27 23/25] Audit: Add record for multiple object LSM attributes, Casey Schaufler
- [PATCH v27 24/25] LSM: Add /proc attr entry for full LSM context, Casey Schaufler
- [PATCH v27 25/25] AppArmor: Remove the exclusive flag, Casey Schaufler
- [PATCH 1/2] selinux: slow_avc_audit has become non-blocking,
Al Viro
- [PATCH -next] selinux: Fix kernel-doc,
Yang Li
- [PATCH] selinux: use __GFP_NOWARN with GFP_NOWAIT,
Minchan Kim
- [PATCH] libsepol: quote paths in CIL conversion,
Christian Göttsche
- [PATCH 00/23] libsepol: miscellaneous cleanup,
Christian Göttsche
- [PATCH 03/23] libsepol: remove unused functions, Christian Göttsche
- [PATCH 10/23] libsepol: mark read-only parameters of ebitmap interfaces const, Christian Göttsche
- [PATCH 13/23] libsepol: assure string NUL-termination, Christian Göttsche
- [PATCH 20/23] libsepol: drop repeated semicolons, Christian Göttsche
- [PATCH 01/23] libsepol: fix typos, Christian Göttsche
- [PATCH 02/23] libsepol: resolve missing prototypes, Christian Göttsche
- [PATCH 05/23] libsepol: avoid implicit conversions, Christian Göttsche
- [PATCH 15/23] libsepol/cil: silence cast warning, Christian Göttsche
- [PATCH 18/23] libsepol/cil: drop unnecessary casts, Christian Göttsche
- [PATCH 17/23] libsepol/cil: drop dead store, Christian Göttsche
- [PATCH 08/23] libsepol/cil: follow declaration-after-statement, Christian Göttsche
- [PATCH 14/23] libsepol: remove dead stores, Christian Göttsche
- [PATCH 04/23] libsepol: ignore UBSAN false-positives, Christian Göttsche
- [PATCH 06/23] libsepol: avoid unsigned integer overflow, Christian Göttsche
- [PATCH 07/23] libsepol: follow declaration-after-statement, Christian Göttsche
- [PATCH 11/23] libsepol: mark read-only parameters of type_set_ interfaces const, Christian Göttsche
- [PATCH 09/23] libsepol: remove dead stores, Christian Göttsche
- [PATCH 12/23] libsepol: do not allocate memory of size 0, Christian Göttsche
- [PATCH 16/23] libsepol/cil: drop extra semicolon, Christian Göttsche
- [PATCH 19/23] libsepol/cil: avoid using maybe uninitialized variables, Christian Göttsche
- [PATCH 21/23] libsepol: drop unnecessary casts, Christian Göttsche
- [PATCH 22/23] libsepol: declare file local variable static, Christian Göttsche
- [PATCH 23/23] libsepol: declare read-only arrays const, Christian Göttsche
- Re: [PATCH 00/23] libsepol: miscellaneous cleanup, James Carter
- [PATCH] libselinux: fix typo,
Christian Göttsche
- SELinux IRC channel moved to Libera, Jason Zaman
- [PATCH] selinux: remove duplicated LABEL_INITIALIZED check routine,
Austin Kim
- [PATCH] libselinux: improve getcon(3) man page,
Christian Göttsche
- [PATCH] libselinux: selinux_status_open: return 1 in fallback mode,
Christian Göttsche
- [pcmoore-selinux:working-io_uring 9/9] security/smack/smack_lsm.c:4702:5: warning: no previous prototype for function 'smack_uring_override_creds',
kernel test robot
- [pcmoore-selinux:working-io_uring 9/9] security/smack/smack_lsm.c:4702:5: warning: no previous prototype for 'smack_uring_override_creds', kernel test robot
- [pcmoore-selinux:working-io_uring 8/9] security/selinux/hooks.c:7146:5: warning: no previous prototype for function 'selinux_uring_override_creds', kernel test robot
- selinux_check_access is not thread-safe,
Seth Moore
- [pcmoore-selinux:working-io_uring 2/9] fs/io_uring.c:6110:3: error: implicit declaration of function 'audit_uring_entry'; did you mean 'audit_syscall_entry'?, kernel test robot
- [pcmoore-selinux:working-io_uring 2/9] fs/io_uring.c:6110:3: error: implicit declaration of function 'audit_uring_entry', kernel test robot
- [RFC PATCH 0/9] Add LSM access controls and auditing to io_uring,
Paul Moore
- [RFC PATCH 1/9] audit: prepare audit_context for use in calling contexts beyond syscalls, Paul Moore
- [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring, Paul Moore
- [RFC PATCH 3/9] audit: dev/test patch to force io_uring auditing, Paul Moore
- [RFC PATCH 4/9] audit: add filtering for io_uring records, Paul Moore
- [RFC PATCH 5/9] fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure(), Paul Moore
- [RFC PATCH 6/9] io_uring: convert io_uring to the secure anon inode interface, Paul Moore
- [RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring, Paul Moore
- [RFC PATCH 8/9] selinux: add support for the io_uring access controls, Paul Moore
- [RFC PATCH 9/9] Smack: Brutalist io_uring support with debug, Paul Moore
- Re: [RFC PATCH 0/9] Add LSM access controls and auditing to io_uring, Tetsuo Handa
- Re: [RFC PATCH 0/9] Add LSM access controls and auditing to io_uring, Jeff Moyer
- [PATCH v2 0/2] vfs/security/NFS/btrfs: clean up and fix LSM option handling,
Ondrej Mosnacek
- [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks,
Ondrej Mosnacek
- Relative filename in semanage args ?, Bill Dietrich
- [PATCH v26 00/25] LSM: Module stacking for AppArmor,
Casey Schaufler
- [PATCH v26 01/25] LSM: Infrastructure management of the sock security, Casey Schaufler
- [PATCH v26 02/25] LSM: Add the lsmblob data structure., Casey Schaufler
- [PATCH v26 03/25] LSM: provide lsm name and id slot mappings, Casey Schaufler
- [PATCH v26 04/25] IMA: avoid label collisions with stacked LSMs, Casey Schaufler
- [PATCH v26 05/25] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
- [PATCH v26 06/25] LSM: Use lsmblob in security_kernel_act_as, Casey Schaufler
- [PATCH v26 07/25] LSM: Use lsmblob in security_secctx_to_secid, Casey Schaufler
- [PATCH v26 08/25] LSM: Use lsmblob in security_secid_to_secctx, Casey Schaufler
- [PATCH v26 09/25] LSM: Use lsmblob in security_ipc_getsecid, Casey Schaufler
- [PATCH v26 10/25] LSM: Use lsmblob in security_task_getsecid, Casey Schaufler
- [PATCH v26 11/25] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
- [PATCH v26 12/25] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
- [PATCH v26 13/25] IMA: Change internal interfaces to use lsmblobs, Casey Schaufler
- [PATCH v26 14/25] LSM: Specify which LSM to display, Casey Schaufler
- [PATCH v26 15/25] LSM: Ensure the correct LSM context releaser, Casey Schaufler
- [PATCH v26 16/25] LSM: Use lsmcontext in security_secid_to_secctx, Casey Schaufler
- [PATCH v26 17/25] LSM: Use lsmcontext in security_inode_getsecctx, Casey Schaufler
- [PATCH v26 18/25] LSM: security_secid_to_secctx in netlink netfilter, Casey Schaufler
- [PATCH v26 19/25] NET: Store LSM netlabel data in a lsmblob, Casey Schaufler
- [PATCH v26 20/25] LSM: Verify LSM display sanity in binder, Casey Schaufler
- [PATCH v26 21/25] audit: add support for non-syscall auxiliary records, Casey Schaufler
- [PATCH v26 22/25] Audit: Add new record for multiple process LSM attributes, Casey Schaufler
- [PATCH v26 23/25] Audit: Add a new record for multiple object LSM attributes, Casey Schaufler
- [PATCH v26 24/25] LSM: Add /proc attr entry for full LSM context, Casey Schaufler
- [PATCH v26 25/25] AppArmor: Remove the exclusive flag, Casey Schaufler
- [PATCH 0/6] More secilc-fuzzer problems fixed,
James Carter
- [PATCH v2] lsm_audit,selinux: pass IB device name by reference,
Ondrej Mosnacek
- [PATCH userspace 0/2] Bump testsuite CI image to F34,
Ondrej Mosnacek
- [PATCH 0/5 v2] secilc/cil: Fix name resolution for macro calls,
James Carter
- Re: [PATCH 2/3] libselinux: make selinux_status_open(3) reentrant, Christian Göttsche
- [PATCH 0/3] libselinux: quirks of the status page,
Christian Göttsche
- [PATCH] checkpolicy: fix the leak memory when uses xperms,
liwugang
- [PATCH 1/3] libsepol/cil: Make name resolution in macros work as documented,
James Carter
- [PATCH] selinux: use strlcpy() when copying IB device name,
Ondrej Mosnacek
- [PATCH v2] debugfs: fix security_locked_down() call for SELinux, Ondrej Mosnacek
- Re: [PATCH] vfio: Lock down no-IOMMU mode when kernel is locked down, Ondrej Mosnacek
- [PATCH] serial: core: fix suspicious security_locked_down() call,
Ondrej Mosnacek
- [PATCH] debugfs: fix security_locked_down() call for SELinux,
Ondrej Mosnacek
- [PATCH] lockdown,selinux: fix bogus SELinux lockdown permission checks,
Ondrej Mosnacek
- [PATCH 1/2] libsepol/cil: Fix name resolution involving inherited blocks,
James Carter
- improvement of setfiles man page, clime
- Stable backport request - perf/core: Fix unconditional security_locked_down() call,
Ondrej Mosnacek
- [PATCH v2] libsepol/cil: Check for self-referential loops in sets,
James Carter
- [PATCH 00/25] libselinux: misc compiler and static analyzer findings,
Christian Göttsche
- [PATCH 01/25] libselinux: sidtab_hash(): do not discard const qualifier, Christian Göttsche
- [PATCH 03/25] libselinux: label_common(): do not discard const qualifier, Christian Göttsche
- [PATCH 04/25] libselinux: Sha1Finalise(): do not discard const qualifier, Christian Göttsche
- [PATCH 02/25] libselinux: selinux_file_context_cmp(): do not discard const qualifier, Christian Göttsche
- [PATCH 06/25] libselinux: avcstat: use standard length modifier for unsigned long long, Christian Göttsche
- [PATCH 05/25] libselinux: sefcontext_compile: mark local variable static, Christian Göttsche
- [PATCH 08/25] libselinux: selabel_get_digests_all_partial_matches: free memory after FTS_D block, Christian Göttsche
- [PATCH 07/25] libselinux: selinux_restorecon: mark local variable static, Christian Göttsche
- [PATCH 09/25] libselinux: getconlist: free memory on multiple level arguments, Christian Göttsche
- [PATCH 10/25] libselinux: exclude_non_seclabel_mounts(): drop unused variable, Christian Göttsche
- [PATCH 12/25] libselinux: label_x::init(): drop dead assignment, Christian Göttsche
- [PATCH 14/25] libselinux: setexecfilecon(): drop dead assignment, Christian Göttsche
- [PATCH 15/25] libselinux: getdefaultcon: free memory on multiple same arguments, Christian Göttsche
- [PATCH 11/25] libselinux: context_new(): drop dead assignment, Christian Göttsche
- [PATCH 18/25] libselinux: init_selinux_config(): free resources on error, Christian Göttsche
- [PATCH 17/25] libselinux: matchmediacon(): close file on error, Christian Göttsche
- [PATCH 13/25] libselinux: label_media::init(): drop dead assignment, Christian Göttsche
- [PATCH 16/25] libselinux: store_stem(): do not free possible non-heap object, Christian Göttsche
- [PATCH 19/25] libselinux: label_file::init(): do not pass NULL to strdup, Christian Göttsche
- [PATCH 20/25] libselinux: matchpathcon: free memory on realloc failure, Christian Göttsche
- [PATCH 22/25] libselinux: drop redundant casts to the same type, Christian Göttsche
- [PATCH 23/25] libselinux: sidtab_sid_stats(): unify parameter name, Christian Göttsche
- [PATCH 25/25] libselinux: label_file.c: fix indent, Christian Göttsche
- [PATCH 21/25] libselinux: label_db::db_init(): open file with CLOEXEC mode, Christian Göttsche
- [PATCH 24/25] libselinux: regex: unify parameter names, Christian Göttsche
- Re: [PATCH 00/25] libselinux: misc compiler and static analyzer findings, Petr Lautrbach
- [PATCH] libselinux: selinux_check_passwd_access_internal(): respect deny_unknown,
Christian Göttsche
- [PATCH testsuite] ci: test also on F34 images,
Ondrej Mosnacek
- [PATCH testsuite] tests/lockdown: use /sys/kernel/debug/fault_around_bytes for integrity test,
Ondrej Mosnacek
- [PATCH] libselinux: silence -Wstringop-overflow warning from gcc 10.3.1,
Nicolas Iooss
- [PATCH testsuite] policy: only define anon_inode class if not defined in system policy,
Ondrej Mosnacek
- [PATCH 0/5] Fix bugs identified by the secilc-fuzzer,
James Carter
- [bug report?] other unexpected behaviours in secilc and CIL semantics,
lorenzo ceragioli
- [PATCH] selinux: Remove redundant assignment to rc,
Jiapeng Chong
- [PATCH] libsepol/cil: Properly reset an anonymous classperm set,
James Carter
- [PATCH 2] testsuite: fix cap_userns for kernels >= v5.12,
Paul Moore
- [PATCH v3 0/6] evm: Prepare for moving to the LSM infrastructure,
Roberto Sassu
- [GIT PULL] SELinux patches for v5.13,
Paul Moore
- [PATCH] testsuite: fix cap_userns for kernels >= v5.12,
Paul Moore
- [PATCH v2] selinux: Corrected comment to match kernel-doc comment,
Souptick Joarder
- [PATCH] selinux: Corrected comment to match kernel-doc comment,
Souptick Joarder
- [PATCH] libselinux android: Add keystore2_key label module.,
Jeff Vander Stoep
- [PATCH 1/4] LSM: Infrastructure management of the superblock, Casey Schaufler
- [PATCH] libsepol: use checked arithmetic builtin to perform safe addition,
Nicolas Iooss
- [PATCH] libselinux: do not duplicate make target when going into subdirectory,
Nicolas Iooss
- [PATCH] selinux: add proper NULL termination to the secclass_map permissions,
Paul Moore
- [PATCH 0/3 v3] Create secil2tree to write CIL AST,
James Carter
- [RFC PATCH testsuite] Add extended_anon_inode_class policy capability support, Ondrej Mosnacek
- [RFC PATCH 0/2] selinux,anon_inodes: Use a separate SELinux class for each type of anon inode,
Ondrej Mosnacek
- [PATCH v2 0/6] evm: Prepare for moving to the LSM infrastructure,
Roberto Sassu
- no SELinux common criteria?,
Ted Toth
- [PATCH 0/3 v2] Create secil2tree to write CIL AST,
James Carter
- [PATCH 00/11 v2] Various CIL patches,
James Carter
- [PATCH 01/11 v2] libsepol/cil: Fix out-of-bound read of file context pattern ending with "\", James Carter
- [PATCH 02/11 v2] libsepol/cil: Destroy classperms list when resetting classpermission, James Carter
- [PATCH 03/11 v2] libsepol/cil: Destroy classperm list when resetting map perms, James Carter
- [PATCH 04/11 v2] libsepol/cil: cil_reset_classperms_set() should not reset classpermission, James Carter
- [PATCH 05/11 v2] libsepol/cil: Set class field to NULL when resetting struct cil_classperms, James Carter
- [PATCH 06/11 v2] libsepol/cil: More strict verification of constraint leaf expressions, James Carter
- [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name is a reserved word, James Carter
- [PATCH 08/11 v2] libsepol/cil: Allow permission expressions when using map classes, James Carter
- [PATCH 09/11 v2] libsepol/cil: Refactor helper function for cil_gen_node(), James Carter
- [PATCH 10/11 v2] libsepol/cil: Create function cil_add_decl_to_symtab() and refactor, James Carter
- [PATCH 11/11 v2] libsepol/cil: Move check for the shadowing of macro parameters, James Carter
- Re: [PATCH 00/11 v2] Various CIL patches, James Carter
- MCS NetLabel,
Paul R. Tagliamonte
- [PATCH 0/3] Create secil2tree to write CIL AST,
James Carter
- [PATCH 0/5] evm: Prepare for moving to the LSM infrastructure,
Roberto Sassu
- [PATCH] secilc.c: Don't fail if input file is empty,
Yi-Yo Chiang
- [RFC SHADOW PATCH 0/7] SELinux modernizations,
Christian Göttsche
- Re: [PATCH 7/7 v2] tracing: Do not create tracefs files if tracefs lockdown is in effect,
Ondrej Mosnacek
- Re: [PATCH v6 24/40] fs: make helpers idmap mount aware,
Anton Altaparmakov
- [GIT PULL] SELinux fixes for v5.12 (#2),
Paul Moore
- [PATCH 0/2] vfs/security/NFS/btrfs: clean up and fix LSM option handling,
Ondrej Mosnacek
- [PATCH 2/2] selinux:Delete selinux_xfrm_policy_lookup() useless argument,
Zhongjun Tan
- [PATCH 00/11] Various CIL patches,
James Carter
- [PATCH 01/11] libsepol/cil: Fix out-of-bound read of file context pattern ending with "\", James Carter
- [PATCH 02/11] libsepol/cil: Destroy classperms list when resetting classpermission, James Carter
- [PATCH 03/11] libsepol/cil: Destroy classperm list when resetting map perms, James Carter
- [PATCH 04/11] libsepol/cil: cil_reset_classperms_set() should not reset classpermission, James Carter
- [PATCH 05/11] libsepol/cil: Set class field to NULL when resetting struct cil_classperms, James Carter
- [PATCH 06/11] libsepol/cil: More strict verification of constraint leaf expressions, James Carter
- [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name is a reserved word, James Carter
- [PATCH 08/11] libsepol/cil: Allow permission expressions when using map classes, James Carter
- [PATCH 09/11] libsepol/cil: Refactor helper function for cil_gen_node(), James Carter
- [PATCH 11/11] libsepol/cil: Move check for the shadowing of macro parameters, James Carter
- [PATCH 10/11] libsepol/cil: Create function cil_add_decl_to_symtab() and refactor, James Carter
- Re: [PATCH 00/11] Various CIL patches, James Carter
- Detect SELinux by checking if policy is loaded,
Kai Lüke
- [PATCH] selinux:Delete selinux_xfrm_policy_lookup() useless argument,
Zhongjun Tan
- [PATCH v2 4/4] selinux: add "mls" binary version of the policy,
Vit Mojzis
- [PATCH v2 3/4] selinux: Remove 'make' dependency, Vit Mojzis
- [PATCH v2 2/4] [DO NOT MERGE] Install selinux-policy-devel in test environment, Vit Mojzis
- [PATCH v3] selinux: fix race between old and new sidtab,
Ondrej Mosnacek
- [PATCH testsuite] Deactivate userfaultfd test policy if no xperm support,
Ondrej Mosnacek
[PATCH v2] selinux: fix race between old and new sidtab, Ondrej Mosnacek
[PATCH] selinux: fix race between old and new sidtab,
Ondrej Mosnacek
Re: [BUG] Oops in sidtab_context_to_sid,
Paul Moore
[Request] CIL configurations,
lorenzo ceragioli
[PATCH v3 0/2] selinux: fix changing booleans,
Ondrej Mosnacek
[PATCH v2 0/2] selinux: fix changing booleans,
Ondrej Mosnacek
[PATCH 10/12] libsepol/cil: Make invalid statement error messages consistent,
James Carter
[PATCH 00/12] Update checks for invalid rules in blocks,
James Carter
- [PATCH 03/12] libsepol/cil: Create new first child helper function for building AST, James Carter
- [PATCH 04/12] libsepol/cil: Use AST to track blocks and optionals when resolving, James Carter
- [PATCH 02/12] libsepol/cil: Cleanup build AST helper functions, James Carter
- [PATCH 01/12] libsepol/cil: Reorder checks for invalid rules when building AST, James Carter
- [PATCH 05/12] libsepol/cil: Reorder checks for invalid rules when resolving AST, James Carter
- [PATCH 07/12] libsepol/cil: Check for statements not allowed in optional blocks, James Carter
- [PATCH 06/12] libsepol/cil: Sync checks for invalid rules in booleanifs, James Carter
- [PATCH 09/12] libsepol/cil: Do not allow tunable declarations in in-statements, James Carter
- [PATCH 08/12] libsepol/cil: Sync checks for invalid rules in macros, James Carter
- Re: [PATCH 00/12] Update checks for invalid rules in blocks, James Carter
- Re: [PATCH 00/12] Update checks for invalid rules in blocks, James Carter
[PATCH 0/3] selinux: fix changing booleans,
Ondrej Mosnacek
[Index of Archives]
[Selinux Refpolicy]
[Fedora Users]
[Fedora Desktop]
[Kernel]
[KDE Users]
[Gnome Users]
