Security Enhanced Linux (SELINUX)
[Prev Page][Next Page]
- Re: On Fedora 24 I am seeing something strange with CIL, (continued)
- [PATCH] selinux: simply inode label states to INVALID and INITIALIZED, Paul Moore
- [PATCH] selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram(), Paul Moore
- [PATCH] netlabel: fix a problem with netlbl_secattr_catmap_setrng(),
Paul Moore
- CIL: invalid protocol (dccp portcon),
Dominick Grift
- Fedora 23 error when using policy generator,
Amir Eaman
- [PATCH 0/3] Add warnings if module name different from filename,
James Carter
- Just sent a small patch to github to fix the selinuxfs man pages.,
Daniel J Walsh
- [ANNOUNCE] Linux Security Summit 2016 - CFP, James Morris
- what is /sys/fs/selinux/policy_capabilities/redhat1,
Dominick Grift
- strange pam_selinux behavior,
Dominick Grift
does it make sense that dac_override get's checked before dac_read_search?,
Dominick Grift
selinux-query,
Naina Emmanuel
[PATCH] selinux: fix memory leak on node_ptr on error return path,
Colin King
[PATCH] policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files.,
Miroslav Grepl
[PATCH] libsepol/cil: fix bug when resetting class permission values,
Steve Lawrence
Problem building CIL module with new class,
Richard Haines
We have a pretty big bug between SELinux and the User Namespace, Daniel J Walsh
initial_sid context via libsepol,
Roberts, William C
[GIT PULL] SELinux patches for 4.6,
Paul Moore
Slight changes to the SELinux and audit kernel repository process, Paul Moore
Linux sandbox and the -i option,
Bill
handling locally-modified policy and upgrades with ostree,
Colin Walters
should setfscreatecon be able to override auto type transition rules?,
Dominick Grift
[PATCH] libselinux: only mount /proc if necessary, Stephen Smalley
Strange AVC with latest rawhide kernel.,
Daniel J Walsh
[PATCH 0/2] Return error on invalid pids for procattr funcs.,
Daniel Cashman
ANN: SELinux Userspace Release 20160223, Steve Lawrence
Job for Experienced SE Linux Dev, James Geddes
[GIT PULL] SELinux fixes for 4.5 (#2),
Paul Moore
[PATCH] libselinux: selinux_restorecon.3 man page corrections.,
Richard Haines
ANN: SETools 4.0.0-beta, Christopher J. PeBenito
[PATCH] selinux: Don't sleep inside inode_getsecid hook,
Andreas Gruenbacher
[RFC PATCH v3 18/19] calipso: Add a label cache., Huw Davies
[RFC PATCH v3 02/19] netlabel: Add an address family to domain hash entries., Huw Davies
[RFC PATCH v3 14/19] ipv6: constify the skb pointer of ipv6_find_tlv()., Huw Davies
[RFC PATCH v3 11/19] netlabel: Prevent setsockopt() from changing the hop-by-hop option., Huw Davies
[RFC PATCH v3 04/19] netlabel: Add support for querying a CALIPSO DOI., Huw Davies
[RFC PATCH v3 06/19] netlabel: Add support for creating a CALIPSO protocol domain mapping., Huw Davies
[RFC PATCH v3 17/19] calipso: Add validation of CALIPSO option.,
Huw Davies
[RFC PATCH v3 08/19] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer., Huw Davies
[RFC PATCH v3 00/19] CALIPSO Implementation,
Huw Davies
[RFC PATCH v3 01/19] netlabel: Mark rcu pointers with __rcu., Huw Davies
[RFC PATCH v3 16/19] netlabel: Pass a family parameter to netlbl_skbuff_err()., Huw Davies
[RFC PATCH v3 13/19] calipso: Allow request sockets to be relabelled by the lsm., Huw Davies
[RFC PATCH v3 19/19] netlabel: Implement CALIPSO config functions for SMACK., Huw Davies
[RFC PATCH v3 09/19] netlabel: Move bitmap manipulation functions to the NetLabel core., Huw Davies
[RFC PATCH v3 10/19] calipso: Set the calipso socket label to match the secattr., Huw Davies
[RFC PATCH v3 03/19] netlabel: Initial support for the CALIPSO netlink protocol., Huw Davies
[RFC PATCH v3 07/19] netlabel: Add support for removing a CALIPSO DOI., Huw Davies
[RFC PATCH v3 15/19] calipso: Allow the lsm to label the skbuff directly., Huw Davies
[RFC PATCH v3 05/19] netlabel: Add support for enumerating the CALIPSO DOI list., Huw Davies
[RFC PATCH v3 12/19] ipv6: Allow request socks to contain IPv6 options., Huw Davies
Copying/setting security.selinux xattr explicitly,
Laurent Bigonville
[PATCH] read_spec_entry: fail on non-ascii,
william . c . roberts
Policy feedback,
Mark Steele
[PATCH 1/2] libsepol: fix __attribute__((unused)) annotations,
Nicolas Iooss
[PATCH 1/3] policycoreutils: sepolicy: rename policy global variable,
Nicolas Iooss
selinux_set_callback() problem,
Russell Coker
SELinux file context matching,
Mark Steele
genhomedircon uid template,
Jason Zaman
- Re: genhomedircon uid template, Stephen Smalley
- genhomedircon USERID and USERNAME patches, Jason Zaman
- [PATCH 2/7] genhomedircon: move fallback user to genhomedircon_user_entry_t, Jason Zaman
- [PATCH 3/7] genhomedircon: rename FALLBACK #defines consistent with struct, Jason Zaman
- [PATCH 5/7] genhomedircon: Add uid and gid to struct user_entry, Jason Zaman
- [PATCH 1/7] genhomedircon: factor out common replacement code, Jason Zaman
- [PATCH 6/7] genhomedircon: make USERID, USERNAME context lists, Jason Zaman
- [PATCH 7/7] genhomedircon: write contexts for username and userid, Jason Zaman
- [PATCH 4/7] genhomedircon: make all write context funcs take user_entry struct, Jason Zaman
- Re: genhomedircon USERID and USERNAME patches, Nicolas Iooss
- genhomedircon USERID and USERNAME patches v2, Jason Zaman
- [PATCH v2 5/8] genhomedircon: Add uid and gid to struct user_entry, Jason Zaman
- [PATCH v2 6/8] genhomedircon: make USERID, USERNAME context lists, Jason Zaman
- [PATCH v2 4/8] genhomedircon: make all write context funcs take user_entry struct, Jason Zaman
- [PATCH v2 8/8] genhomedircon: fix FALLBACK_NAME regex, Jason Zaman
- [PATCH v2 7/8] genhomedircon: write contexts for username and userid, Jason Zaman
- [PATCH v2 1/8] genhomedircon: factor out common replacement code, Jason Zaman
- [PATCH v2 3/8] genhomedircon: rename FALLBACK #defines consistent with struct, Jason Zaman
- [PATCH v2 2/8] genhomedircon: move fallback user to genhomedircon_user_entry_t, Jason Zaman
- Re: genhomedircon USERID and USERNAME patches v2, Nicolas Iooss
- [PATCH v3 5/8] genhomedircon: Add uid and gid to struct user_entry, Jason Zaman
[PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result,
Nicolas Iooss
Newbie question on fixfiles,
Thomas Downing
kernel-4.3.3-303.fc23.x86_64 and selinux-policy,
Bill
[PATCH v3 1/1] selinux: use absolute path to include directory,
Andy Shevchenko
User range vs. context's range,
Christopher J. PeBenito
[PATCH v2 1/1] selinux: use absolute path to include directory,
Andy Shevchenko
[PATCH] policycoreutils: newrole: add missing defined in #if,
Nicolas Iooss
Re: [PATCH v1 1/1] selinux: use absolute path to include directory,
Paul Moore
[PATCH 1/2] sepolgen: Make sepolgen-ifgen output deterministic with Python>=3.3,
Nicolas Iooss
RESEND [PATCH V3] libselinux: Add selinux_restorecon function,
Richard Haines
[GIT PULL] SELinux fixes for 4.5 (#1),
Paul Moore
[PATCH 1/2] Add description of missing newrole parameter -p in newrole man page.,
Lukas Vrabec
[PATCH] secilc: update dependency information and man page creation, Steve Lawrence
[RFC PATCH v2 07/18] netlabel: Add support for removing a CALIPSO DOI., Huw Davies
[RFC PATCH v2 10/18] calipso: Set the calipso socket label to match the secattr.,
Huw Davies
[RFC PATCH v2 03/18] netlabel: Initial support for the CALIPSO netlink protocol.,
Huw Davies
[RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.,
Huw Davies
[RFC PATCH v2 02/18] netlabel: Add an address family to domain hash entries.,
Huw Davies
[RFC PATCH v2 09/18] netlabel: Move bitmap manipulation functions to the NetLabel core., Huw Davies
[RFC PATCH v2 14/18] calipso: Allow the lsm to label the skbuff directly.,
Huw Davies
[RFC PATCH v2 13/18] calipso: Allow request sockets to be relabelled by the lsm., Huw Davies
[RFC PATCH v2 06/18] netlabel: Add support for creating a CALIPSO protocol domain mapping.,
Huw Davies
[RFC PATCH v2 04/18] netlabel: Add support for querying a CALIPSO DOI., Huw Davies
[RFC PATCH v2 05/18] netlabel: Add support for enumerating the CALIPSO DOI list., Huw Davies
[RFC PATCH v2 15/18] netlabel: Pass a family parameter to netlbl_skbuff_err()., Huw Davies
[RFC PATCH v2 16/18] calipso: Add validation of CALIPSO option., Huw Davies
[RFC PATCH v2 17/18] calipso: Add a label cache., Huw Davies
[RFC PATCH v2 18/18] netlabel: Implement CALIPSO config functions for SMACK., Huw Davies
[RFC PATCH v2 01/18] netlabel: Mark rcu pointers with __rcu., Huw Davies
[RFC PATCH v2 00/18] CALIPSO Implementation,
Huw Davies
[RFC PATCH v2 11/18] netlabel: Prevent setsockopt() from changing the hop-by-hop option., Huw Davies
[RFC PATCH v2 12/18] ipv6: Allow request socks to contain IPv6 options.,
Huw Davies
Preventing packet sniffing,
Mark Steele
Diskless system running SELinux,
Andrew Ruch
Labeling nsfs filesystem,
Nicolas Iooss
ANN: SELinux Userspace Release 20160107-rc1,
Steve Lawrence
[PATCH] selinux: Inode label revalidation performance fix,
Andreas Gruenbacher
CIL Wiki Translate,
面和毅
[PATCH RESEND v2 00/19] Support fuse mounts in user namespaces,
Seth Forshee
- [PATCH RESEND v2 02/18] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
- [PATCH RESEND v2 01/18] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
- [PATCH RESEND v2 04/18] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH RESEND v2 05/18] userns: Replace in_userns with current_in_userns, Seth Forshee
- [PATCH RESEND v2 06/18] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH RESEND v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as(), Seth Forshee
- [PATCH RESEND v2 07/18] fs: Check for invalid i_uid in may_follow_link(), Seth Forshee
- [PATCH RESEND v2 10/18] fs: Update posix_acl support to handle user namespace mounts, Seth Forshee
- [PATCH RESEND v2 03/18] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH RESEND v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns, Seth Forshee
- [PATCH RESEND v2 13/18] fs: Allow superblock owner to access do_remount_sb(), Seth Forshee
- [PATCH RESEND v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes, Seth Forshee
- [PATCH RESEND v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns, Seth Forshee
- [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces, Seth Forshee
- [PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant, Seth Forshee
- [PATCH RESEND v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs, Seth Forshee
- [PATCH RESEND v2 18/18] fuse: Allow user namespace mounts, Seth Forshee
- [PATCH RESEND v2 16/18] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
- Re: [PATCH RESEND v2 00/19] Support fuse mounts in user namespaces, Seth Forshee
[PATCH] update deps and change yum to dnf,
Joshua Brindle
[PATCH] policycoreutils: semanage: list reserver_port_t,
Petr Lautrbach
[GIT PULL] SELinux patches for 4.5,
Paul Moore
Re: [PATCH net] sctp: label accepted/peeled off sockets, Paul Moore
[RFC PATCH 02/17] netlabel: Add an address family to domain hash entries., Huw Davies
[RFC PATCH 03/17] netlabel: Initial support for the CALIPSO netlink protocol., Huw Davies
[RFC PATCH 04/17] netlabel: Add support for querying a CALIPSO DOI., Huw Davies
[RFC PATCH 06/17] netlabel: Add support for creating a CALIPSO protocol domain mapping., Huw Davies
[RFC PATCH 05/17] netlabel: Add support for enumerating the CALIPSO DOI list., Huw Davies
[RFC PATCH 07/17] netlabel: Add support for removing a CALIPSO DOI., Huw Davies
[RFC PATCH 10/17] calipso: Set the calipso socket label to match the secattr., Huw Davies
[RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.,
Huw Davies
[RFC PATCH 14/17] calipso: Allow the lsm to label the skbuff directly., Huw Davies
[RFC PATCH 09/17] netlabel: Move bitmap manipulation functions to the NetLabel core., Huw Davies
[RFC PATCH 11/17] netlabel: Prevent setsockopt() from changing the hop-by-hop option., Huw Davies
[RFC PATCH 15/17] netlabel: Pass a family parameter to netlbl_skbuff_err()., Huw Davies
[RFC PATCH 16/17] calipso: Add validation of CALIPSO option.,
Huw Davies
[RFC PATCH 17/17] calipso: Add a label cache., Huw Davies
[RFC PATCH 13/17] calipso: Allow request sockets to be relabelled by the lsm.,
Huw Davies
[RFC PATCH 00/17] CALIPSO implementation,
Huw Davies
[RFC PATCH 12/17] ipv6: Allow request socks to contain IPv6 options., Huw Davies
[RFC PATCH 01/17] netlabel: Mark rcu pointers with __rcu., Huw Davies
security_bounded_transition fails,
Hannu Savolainen
Re: security_bounded_transition fails, Stephen Smalley
[PATCH v2] secilc/docs: Convert DocBook documentation into github markdown,
Yuli Khodorkovskiy
ANN: SETools 4.0.0-alpha3, Christopher J. PeBenito
SELinux/audit kernel repo process changes, Paul Moore
[PATCH] policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing,
Laurent Bigonville
Exposing secid to secctx mapping to user-space,
Daniel Cashman
[PATCH] secilc/docs: Convert DocBook documentation into github markdown,
Yuli Khodorkovskiy
[PATCH] libselinux: Don't wrap rpm_execcon with DISABLE_RPM,
Petr Lautrbach
[PATCH] libselinux/man: Add information about thread specific on setfscreatecon,
Petr Lautrbach
[PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.,
Petr Lautrbach
mcs design help,
Higgs, Stephen
Behavior of mmap()ed files on setcon()?,
Nick Kralevich
A newbie's question,
David Li
Performance issues - huge amount of AVC misses,
Michal Marciniszyn
New setools3 release,
Laurent Bigonville
[PATCH v2 00/19] Support fuse mounts in user namespaces,
Seth Forshee
- [PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns, Seth Forshee
- [PATCH v2 18/18] fuse: Allow user namespace mounts, Seth Forshee
- [PATCH v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant, Seth Forshee
- [PATCH v2 16/18] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
- [PATCH v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes, Seth Forshee
- [PATCH v2 07/18] fs: Check for invalid i_uid in may_follow_link(), Seth Forshee
- [PATCH v2 05/18] userns: Replace in_userns with current_in_userns, Seth Forshee
- [PATCH v2 15/18] fuse: Add support for pid namespaces, Seth Forshee
- [PATCH v2 01/18] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
- [PATCH v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as(), Seth Forshee
- [PATCH v2 10/18] fs: Update posix_acl support to handle user namespace mounts, Seth Forshee
- [PATCH v2 04/18] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH v2 03/18] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH v2 13/18] fs: Allow superblock owner to access do_remount_sb(), Seth Forshee
- [PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns, Seth Forshee
- [PATCH v2 02/18] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
- [PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs, Seth Forshee
chcat is using getlogin() function that sometimes returns null/empty string,
Laurent Bigonville
[PATCH] libsepol/cil: Validate extended avrules and permissionxs,
Steve Lawrence
How i see SELinux succeed in GNU/Linux, Dominick Grift
Re: Steps needed to support SElinux over FUSE mounts, Paul Moore
[PATCH 00/19] Support fuse mounts in user namespaces,
Seth Forshee
- [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
- [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link(), Seth Forshee
- [PATCH 03/19] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
- [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as(), Seth Forshee
- [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns, Seth Forshee
- [PATCH 05/19] userns: Replace in_userns with current_in_userns, Seth Forshee
- [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps, Seth Forshee
- [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns, Seth Forshee
- [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb(), Seth Forshee
- [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant, Seth Forshee
- [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Seth Forshee
- [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts, Seth Forshee
- [PATCH 19/19] fuse: Allow user namespace mounts, Seth Forshee
- [PATCH 16/19] fuse: Add support for pid namespaces, Seth Forshee
- [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes, Seth Forshee
- [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
continuation of systemd/SELinux discussion from Github,
Dominick Grift
[PATCH] libsepol/cil: Remove duplicated 'if' condition in cil_tree, Steve Lawrence
[PATCH 1/2] libsepol/cil: Add support for neverallowx,
Steve Lawrence
[selinux-testsuite PATCH] net_socket: replace md5 with sha1 in ipsec-load,
Jan Stancek
redhats influence is hurting SELinux in GNU/Linux, Dominick Grift
[PATCH] policycoreutils: fix 'semanage permissive -l' subcommand,
Petr Lautrbach
[GIT PULL] SELinux fixes for 4.4 (#1), Paul Moore
[PATCH] policycoreutils: replace string.join() with str.join(),
Petr Lautrbach
libsepol bug report, David Binderman
[PATCH] selinux: fix bug in conditional rules handling,
Stephen Smalley
[PATCH] libselinux: Correct line count for property and service contexts files,
Richard Haines
(Userspace) AVC denial generated even if allowed by the policy?,
Laurent Bigonville
[PATCH] libsepol: Fully expand neverallowxperm rules,
Richard Haines
ANN: Experimental Fedora Rawhide kernels (selinux-next and audit-next), Paul Moore
Obtaining Default Context for SELinux Users,
Mike Palmiotto
BTRFS/SELinux patch just got merged in docker., Daniel J Walsh
[PATCH v3 0/7] User namespace mount updates,
Seth Forshee
[Index of Archives]
[Selinux Refpolicy]
[Fedora Users]
[Fedora Desktop]
[Kernel]
[KDE Users]
[Gnome Users]
