Security Enhanced Linux (SELINUX)

Date Index

[Prev Page][Next Page]

[PATCH] libsepol/cil: Validate extended avrules and permissionxs, Steve Lawrence
- Re: [PATCH] libsepol/cil: Validate extended avrules and permissionxs, James Carter
How i see SELinux succeed in GNU/Linux, Dominick Grift
Re: Steps needed to support SElinux over FUSE mounts, Paul Moore
[PATCH 00/19] Support fuse mounts in user namespaces, Seth Forshee
- [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
  - Re: [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev(), Serge E. Hallyn
- [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link(), Seth Forshee
  - Re: [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link(), Serge E. Hallyn
- [PATCH 03/19] fs: Treat foreign mounts as nosuid, Seth Forshee
  - Re: [PATCH 03/19] fs: Treat foreign mounts as nosuid, Serge E. Hallyn
- [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
  - Re: [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting, Serge E. Hallyn
- [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as(), Seth Forshee
  - Re: [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as(), Serge E. Hallyn
- [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns, Seth Forshee
  - Re: [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns, Serge E. Hallyn
- [PATCH 05/19] userns: Replace in_userns with current_in_userns, Seth Forshee
  - Re: [PATCH 05/19] userns: Replace in_userns with current_in_userns, Serge E. Hallyn
- [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps, Seth Forshee
  - Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps, Serge E. Hallyn
    - Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps, Seth Forshee
      - Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps, Serge E. Hallyn
- [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns, Seth Forshee
  - Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns, Serge E. Hallyn
    - Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns, Seth Forshee
      - Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns, Serge E. Hallyn
- [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb(), Seth Forshee
  - Re: [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb(), Serge E. Hallyn
- [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant, Seth Forshee
  - Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant, Serge E. Hallyn
    - Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant, Seth Forshee
      - Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant, Serge E. Hallyn
- [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Seth Forshee
  - Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Serge E. Hallyn
    - Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Theodore Ts'o
      - Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Serge E. Hallyn
        
        Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Seth Forshee
        
        Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Theodore Ts'o
        
        Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Serge E. Hallyn
        
        Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Seth Forshee
        
        Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns, Andreas Dilger
- [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts, Seth Forshee
  - Re: [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts, Serge E. Hallyn
- [PATCH 19/19] fuse: Allow user namespace mounts, Seth Forshee
- [PATCH 16/19] fuse: Add support for pid namespaces, Seth Forshee
- [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes, Seth Forshee
  - Re: [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes, Serge E. Hallyn
- [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
  - Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
  - Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Serge E. Hallyn
    - Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Seth Forshee
      - Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns, Serge E. Hallyn
continuation of systemd/SELinux discussion from Github, Dominick Grift
- Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
- Re: continuation of systemd/SELinux discussion from Github, Stephen Smalley
  - Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
    - Re: continuation of systemd/SELinux discussion from Github, Stephen Smalley
      - Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
      - Re: continuation of systemd/SELinux discussion from Github, Miroslav Grepl
        
        Re: continuation of systemd/SELinux discussion from Github, Stephen Smalley
        
        Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
        
        Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
        
        Re: continuation of systemd/SELinux discussion from Github, Miroslav Grepl
        
        Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
        
        Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
        
        Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
    - Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
  - Re: continuation of systemd/SELinux discussion from Github, Dominick Grift
  - Re: continuation of systemd/SELinux discussion from Github, Laurent Bigonville
[PATCH] libsepol/cil: Remove duplicated 'if' condition in cil_tree, Steve Lawrence
[PATCH 1/2] libsepol/cil: Add support for neverallowx, Steve Lawrence
- [PATCH 2/2] secilc/docs: Add documentation for neverallowx rules, Steve Lawrence
  - Re: [PATCH 2/2] secilc/docs: Add documentation for neverallowx rules, James Carter
- Re: [PATCH 1/2] libsepol/cil: Add support for neverallowx, James Carter
[selinux-testsuite PATCH] net_socket: replace md5 with sha1 in ipsec-load, Jan Stancek
- Re: [selinux-testsuite PATCH] net_socket: replace md5 with sha1 in ipsec-load, Paul Moore
redhats influence is hurting SELinux in GNU/Linux, Dominick Grift
[PATCH] policycoreutils: fix 'semanage permissive -l' subcommand, Petr Lautrbach
- Re: [PATCH] policycoreutils: fix 'semanage permissive -l' subcommand, Stephen Smalley
[GIT PULL] SELinux fixes for 4.4 (#1), Paul Moore
[PATCH] policycoreutils: replace string.join() with str.join(), Petr Lautrbach
- Re: [PATCH] policycoreutils: replace string.join() with str.join(), Stephen Smalley
libsepol bug report, David Binderman
[PATCH] selinux: fix bug in conditional rules handling, Stephen Smalley
- Re: [PATCH] selinux: fix bug in conditional rules handling, Paul Moore
  - Re: [PATCH] selinux: fix bug in conditional rules handling, Stephen Smalley
- Re: [PATCH] selinux: fix bug in conditional rules handling, Paul Moore
[PATCH] libselinux: Correct line count for property and service contexts files, Richard Haines
- Re: [PATCH] libselinux: Correct line count for property and service contexts files, Jeffrey Vander Stoep
- Re: [PATCH] libselinux: Correct line count for property and service contexts files, Stephen Smalley
(Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
- Re: (Userspace) AVC denial generated even if allowed by the policy?, Dominick Grift
  - Re: (Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
- Re: (Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
  - Re: (Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
- Re: (Userspace) AVC denial generated even if allowed by the policy?, Stephen Smalley
  - Re: (Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
    - Re: (Userspace) AVC denial generated even if allowed by the policy?, Stephen Smalley
      - Re: (Userspace) AVC denial generated even if allowed by the policy?, Laurent Bigonville
        
        Re: (Userspace) AVC denial generated even if allowed by the policy?, Stephen Smalley
[PATCH] libsepol: Fully expand neverallowxperm rules, Richard Haines
- Re: [PATCH] libsepol: Fully expand neverallowxperm rules, Jeffrey Vander Stoep
- Re: [PATCH] libsepol: Fully expand neverallowxperm rules, Stephen Smalley
ANN: Experimental Fedora Rawhide kernels (selinux-next and audit-next), Paul Moore
Obtaining Default Context for SELinux Users, Mike Palmiotto
- Re: Obtaining Default Context for SELinux Users, Mike Palmiotto
  - Re: Obtaining Default Context for SELinux Users, Stephen Smalley
BTRFS/SELinux patch just got merged in docker., Daniel J Walsh
[PATCH v3 0/7] User namespace mount updates, Seth Forshee
- [PATCH v3 1/7] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
- [PATCH v3 3/7] mtd: Check permissions towards mtd block device inode when mounting, Seth Forshee
- [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
  - Re: [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces, James Morris
- [PATCH v3 2/7] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
- [PATCH v3 4/7] fs: Treat foreign mounts as nosuid, Seth Forshee
  - Re: [PATCH v3 4/7] fs: Treat foreign mounts as nosuid, James Morris
- [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
  - Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts, Casey Schaufler
  - Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts, James Morris
    - Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH v3 6/7] userns: Replace in_userns with current_in_userns, Seth Forshee
  - Re: [PATCH v3 6/7] userns: Replace in_userns with current_in_userns, James Morris
- Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
  - Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
    - Re: [PATCH v3 0/7] User namespace mount updates, Serge E. Hallyn
    - Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
      - Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Octavian Purdila
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Octavian Purdila
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Octavian Purdila
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Serge E. Hallyn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Theodore Ts'o
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Serge Hallyn
      - Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, James Morris
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Serge E. Hallyn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Colin Walters
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard Weinberger
        
        Re: [PATCH v3 0/7] User namespace mount updates, Richard W.M. Jones
        
        Re: [PATCH v3 0/7] User namespace mount updates, Serge E. Hallyn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Nikolay Borisov
        
        Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Al Viro
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Seth Forshee
        
        Re: [PATCH v3 0/7] User namespace mount updates, Austin S Hemmelgarn
        
        Re: [PATCH v3 0/7] User namespace mount updates, Daniel J Walsh
        
        Re: [PATCH v3 0/7] User namespace mount updates, J. Bruce Fields
[PATCH] policycoreutils: Require at least one argument for 'semanage permissive -d', Petr Lautrbach
- Re: [PATCH] policycoreutils: Require at least one argument for 'semanage permissive -d', James Carter
[PATCH] policycoreutils: improve sepolicy command line interface, Petr Lautrbach
- Re: [PATCH] policycoreutils: improve sepolicy command line interface, James Carter
the user space object manager code seems to fragile, Dominick Grift
- Re: the user space object manager code seems to fragile, Dominick Grift
[PATCH] policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level., Miroslav Grepl
- Re: [PATCH] policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level., James Carter
CIL: question with regard to CIL ioctl filtering support and neverallow, Dominick Grift
- Re: CIL: question with regard to CIL ioctl filtering support and neverallow, Steve Lawrence
[PATCH v3] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Vladis Dronov
- Re: [PATCH v3] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Paul Moore
[PATCH] sepolgen: Use key function in sort(), Petr Lautrbach
- Re: [PATCH] sepolgen: Use key function in sort(), Joshua Brindle
[PATCH] secilc: Add support for unordered classes, ykhodorkovskiy
- Re: [PATCH] secilc: Add support for unordered classes, Dominick Grift
- Re: [PATCH] secilc: Add support for unordered classes, Dominick Grift
- Re: [PATCH] secilc: Add support for unordered classes, James Carter
get_default_context() hit the SIMPLE_TRANSACTION_LIMIT, Miroslav Grepl
- Re: get_default_context() hit the SIMPLE_TRANSACTION_LIMIT, Stephen Smalley
  - Re: get_default_context() hit the SIMPLE_TRANSACTION_LIMIT, Miroslav Grepl
[PATCH] libselinux, policycoreutils: Man page warning fixes, Ville Skyttä
- Re: [PATCH] libselinux, policycoreutils: Man page warning fixes, Stephen Smalley
neverallow rules and self negation, Nick Kralevich
- Re: neverallow rules and self negation, James Carter
  - Re: neverallow rules and self negation, Nick Kralevich
    - Re: neverallow rules and self negation, Joshua Brindle
- Re: neverallow rules and self negation, Stephen Smalley
Wrong audit message type when policy is reloaded, Laurent Bigonville
- Re: Wrong audit message type when policy is reloaded, Stephen Smalley
  - Re: Wrong audit message type when policy is reloaded, Laurent Bigonville
New SELinux userspace release supporting extended ioctl permissions?, Paul Moore
- Re: New SELinux userspace release supporting extended ioctl permissions?, Dominick Grift
  - Re: New SELinux userspace release supporting extended ioctl permissions?, Joshua Brindle
    - RE: New SELinux userspace release supporting extended ioctl permissions?, Roberts, William C
    - Re: New SELinux userspace release supporting extended ioctl permissions?, Paul Moore
  - Re: New SELinux userspace release supporting extended ioctl permissions?, Jeffrey Vander Stoep
    - Re: New SELinux userspace release supporting extended ioctl permissions?, Dominick Grift
      - Re: New SELinux userspace release supporting extended ioctl permissions?, Jeffrey Vander Stoep
    - RE: New SELinux userspace release supporting extended ioctl permissions?, Roberts, William C
[selinux-testsuite PATCH 0/4] inet_socket and mmap patches, Jan Stancek
- [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support, Jan Stancek
  - Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support, Paul Moore
    - Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support, Jan Stancek
      - Re: [selinux-testsuite PATCH 1/4] tests/inet_socket: check 'ip xfrm policy ctx' support, Paul Moore
- [selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid, Jan Stancek
  - Re: [selinux-testsuite PATCH 2/4] inet_socket: secon: use current pid, Paul Moore
- [selinux-testsuite PATCH 4/4] mmap/mprotect_file_private_execmod: clear READ_IMPLIES_EXEC, Jan Stancek
  - Re: [selinux-testsuite PATCH 4/4] mmap/mprotect_file_private_execmod: clear READ_IMPLIES_EXEC, Paul Moore
- [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap, Jan Stancek
  - Re: [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap, Paul Moore
    - Re: [selinux-testsuite PATCH 3/4] mmap/mprotect_heap: make sure memory is allocated from heap, Jan Stancek
  - [selinux-testsuite PATCH v2 3/4] mmap/mprotect_heap: make sure memory is allocated from heap, Jan Stancek
    - Re: [selinux-testsuite PATCH v2 3/4] mmap/mprotect_heap: make sure memory is allocated from heap, Paul Moore
selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Jan Stancek
- Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Stephen Smalley
  - Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Paul Moore
    - Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Stephen Smalley
      - Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Paul Moore
        
        Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Jan Stancek
        
        Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Stephen Smalley
        
        Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Jan Stancek
        
        Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Stephen Smalley
        
        Re: selinux-testsuite: mmap execmod test failure on RHEL6.7 s390x, Jan Stancek
[PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Vladis Dronov
- Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Paul Moore
  - Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Vladis Dronov
- <Possible follow-ups>
- Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Paul Moore
  - Re: [PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Vladis Dronov
[PATCH] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm(), Vladis Dronov
[PATCH v5 0/7] Inode security label invalidation, Andreas Gruenbacher
- [PATCH v5 1/7] selinux: Remove unused variable in selinux_inode_init_security, Andreas Gruenbacher
- [PATCH v5 2/7] security: Make inode argument of inode_getsecurity non-const, Andreas Gruenbacher
- [PATCH v5 3/7] security: Make inode argument of inode_getsecid non-const, Andreas Gruenbacher
- [PATCH v5 4/7] selinux: Add accessor functions for inode->i_security, Andreas Gruenbacher
- [PATCH v5 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
  - Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels, Paul Moore
    - Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
    - Re: [PATCH v5 6/7] selinux: Revalidate invalid inode security labels, Stephen Smalley
- [PATCH v5 5/7] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
- [PATCH v5 7/7] gfs2: Invalide security labels of inodes when they go invalid, Andreas Gruenbacher
- Re: [PATCH v5 0/7] Inode security label invalidation, Paul Moore
[PATCH v4 0/7] Inode security label invalidation, Andreas Gruenbacher
- [PATCH v4 3/7] security: Make inode argument of inode_getsecid non-const, Andreas Gruenbacher
  - Re: [PATCH v4 3/7] security: Make inode argument of inode_getsecid non-const, Stephen Smalley
- [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
  - Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Stephen Smalley
    - Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
      - Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Paul Moore
        
        Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
  - Re: [PATCH v4 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
- [PATCH v4 4/7] selinux: Add accessor functions for inode->i_security, Andreas Gruenbacher
  - Re: [PATCH v4 4/7] selinux: Add accessor functions for inode->i_security, Stephen Smalley
- [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid, Andreas Gruenbacher
  - Re: [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid, Bob Peterson
  - Re: [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid, Steven Whitehouse
- [PATCH v4 5/7] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
  - Re: [PATCH v4 5/7] security: Add hook to invalidate inode security labels, Stephen Smalley
- [PATCH v4 1/7] selinux: Remove unused variable in selinux_inode_init_security, Andreas Gruenbacher
- [PATCH v4 2/7] security: Make inode argument of inode_getsecurity non-const, Andreas Gruenbacher
  - Re: [PATCH v4 2/7] security: Make inode argument of inode_getsecurity non-const, Stephen Smalley
[PATCH v3] selinux: export validatetrans decisions, Andrew Perepechko
- Re: [PATCH v3] selinux: export validatetrans decisions, Stephen Smalley
- Re: [PATCH v3] selinux: export validatetrans decisions, Paul Moore
[sandbox] init script of sandbox returns an improper return code in status function, Keigo Noha
Macro help, Dan
- Re: Macro help, Steve Lawrence
  - Re: Macro help, Dan
[PATCH] Load libsepol.so.1 instead of libsepol.so, Laurent Bigonville
- Re: [PATCH] Load libsepol.so.1 instead of libsepol.so, Stephen Smalley
[PATCH v3] libselinux: label_file: fix memory leaks and uninitialized jump, william . c . roberts
- Re: [PATCH v3] libselinux: label_file: fix memory leaks and uninitialized jump, Stephen Smalley
[PATCH v2] selinux: export validatetrans decisions, Andrew Perepechko
- Re: [PATCH v2] selinux: export validatetrans decisions, Stephen Smalley
[PATCH v2] fix memory leaks and uninitialized jump, william . c . roberts
- Re: [PATCH v2] fix memory leaks and uninitialized jump, Stephen Smalley
  - Re: [PATCH v2] fix memory leaks and uninitialized jump, William Roberts
[PATCH] selinux: export validatetrans decisions, Andrew Perepechko
- Re: [PATCH] selinux: export validatetrans decisions, Stephen Smalley
  - Re: [PATCH] selinux: export validatetrans decisions, Andrew Perepechko
    - Re: [PATCH] selinux: export validatetrans decisions, Stephen Smalley
      - Re: [PATCH] selinux: export validatetrans decisions, Andrew Perepechko
        
        Re: [PATCH] selinux: export validatetrans decisions, Andrew Perepechko
[PATCH] selinux-testsuite: unix_socket: fix uninitialized sockaddr len arguments, Stephen Smalley
[PATCH v3 0/7] Inode security label invalidation, Andreas Gruenbacher
- [PATCH v3 1/7] selinux: Remove unused variable in selinux_inode_init_security, Andreas Gruenbacher
  - Re: [PATCH v3 1/7] selinux: Remove unused variable in selinux_inode_init_security, Stephen Smalley
- [PATCH v3 5/7] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
  - Re: [PATCH v3 5/7] security: Add hook to invalidate inode security labels, James Morris
  - Re: [PATCH v3 5/7] security: Add hook to invalidate inode security labels, James Morris
- [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security, Andreas Gruenbacher
  - Re: [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security, Stephen Smalley
    - Re: [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security, Andreas Gruenbacher
- [PATCH v3 4/7] selinux: Push dentry down from {dentry, path, file}_has_perm, Andreas Gruenbacher
- [PATCH v3 7/7] gfs2: Invalide security labels of inodes when they go invalid, Andreas Gruenbacher
- [PATCH v3 6/7] selinux: Revalidate invalid inode security labels, Andreas Gruenbacher
- [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Andreas Gruenbacher
  - Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Stephen Smalley
    - Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Andreas Gruenbacher
      - Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Stephen Smalley
        
        Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Stephen Smalley
        
        Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm, Andreas Gruenbacher
- Re: [PATCH v3 0/7] Inode security label invalidation, Stephen Smalley
- Re: [PATCH v3 0/7] Inode security label invalidation, Paul Moore
  - Re: [PATCH v3 0/7] Inode security label invalidation, Andreas Gruenbacher
[PATCH] fix memory leaks and uninitialized jump, william . c . roberts
- RE: [PATCH] fix memory leaks and uninitialized jump, Roberts, William C
  - Re: [PATCH] fix memory leaks and uninitialized jump, Stephen Smalley
    - Re: [PATCH] fix memory leaks and uninitialized jump, William Roberts
- Re: [PATCH] fix memory leaks and uninitialized jump, Stephen Smalley
  - Re: [PATCH] fix memory leaks and uninitialized jump, William Roberts
setoolsv4: tracking origin of a policy element, Elena Reshetova
- Re: setoolsv4: tracking origin of a policy element, Christopher J. PeBenito
  - Re: setoolsv4: tracking origin of a policy element, Filippo Bonazzi
    - Re: setoolsv4: tracking origin of a policy element, Christopher J. PeBenito
[PATCH] sepolgen: Reset line numbers when parsing files, Nicolas Iooss
- Re: [PATCH] sepolgen: Reset line numbers when parsing files, Stephen Smalley
[PATCH V3] libselinux: Add selinux_restorecon function, Richard Haines
[PATCH V2] libselinux: Replace selabel_digest hash function, Richard Haines
- Re: [PATCH V2] libselinux: Replace selabel_digest hash function, Stephen Smalley
[GIT PULL] SELinux patches for 4.4, Paul Moore
- Re: [GIT PULL] SELinux patches for 4.4, Paul Moore
- Re: [GIT PULL] SELinux patches for 4.4, James Morris
[PATCH] libselinux: Replace selabel_digest hash function, Richard Haines
- Re: [PATCH] libselinux: Replace selabel_digest hash function, Stephen Smalley
Static analysis to assist policy creation?, Andrew Ruef
- Re: Static analysis to assist policy creation?, Jason Zaman
- Re: Static analysis to assist policy creation?, Miroslav Grepl
how to troubleshoot SELinux when auditd won't start?, Bond Masuda
- Re: how to troubleshoot SELinux when auditd won't start?, Jason Zaman
- Re: how to troubleshoot SELinux when auditd won't start?, Daniel J Walsh
did libselinux grow a new build dependency? (openssl-devel: openssl.h), Dominick Grift
- Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Richard Haines
  - Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Dominick Grift
    - Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Richard Haines
      - Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Stephen Smalley
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Stephen Smalley
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Richard Haines
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Stephen Smalley
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), William Roberts
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Richard Haines
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), William Roberts
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Richard Haines
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Joshua Brindle
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Stephen Smalley
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Joshua Brindle
        
        Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h), Jason Zaman
[PATCH] libselinux: Fix selabel_open(3) services if no digest requested, Richard Haines
does load_policy default to loading the lowest polvers available?, Dominick Grift
- Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
  - Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
    - Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
      - Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Christopher J. PeBenito
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Richard Haines
        
        Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
        
        Re: does load_policy default to loading the lowest polvers available?, Stephen Smalley
- <Possible follow-ups>
- Re: does load_policy default to loading the lowest polvers available?, Dominick Grift
[PATCH v4 00/11] Smack namespace, Lukasz Pawelczyk
- [PATCH v4 05/11] smack: extend capability functions and fix 2 checks, Lukasz Pawelczyk
  - Re: [PATCH v4 05/11] smack: extend capability functions and fix 2 checks, Casey Schaufler
- [PATCH v4 04/11] lsm: inode_pre_setxattr hook, Lukasz Pawelczyk
  - Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook, Casey Schaufler
  - Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook, John Johansen
- [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments, Lukasz Pawelczyk
  - Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments, Casey Schaufler
  - Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments, Al Viro
    - Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments, Lukasz Pawelczyk
- [PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog, Lukasz Pawelczyk
  - Re: [PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog, Casey Schaufler
- [PATCH v4 08/11] smack: misc cleanups in preparation for a namespace patch, Lukasz Pawelczyk
  - Re: [PATCH v4 08/11] smack: misc cleanups in preparation for a namespace patch, Casey Schaufler
- [PATCH v4 01/11] user_ns: 3 new LSM hooks for user namespace operations, Lukasz Pawelczyk
  - Re: [PATCH v4 01/11] user_ns: 3 new LSM hooks for user namespace operations, Casey Schaufler
- [PATCH v4 10/11] smack: namespace implementation, Lukasz Pawelczyk
  - Re: [PATCH v4 10/11] smack: namespace implementation, Casey Schaufler
- [PATCH v4 11/11] smack: documentation for the Smack namespace, Lukasz Pawelczyk
  - Re: [PATCH v4 11/11] smack: documentation for the Smack namespace, Casey Schaufler
- [PATCH v4 07/11] smack: abstraction layer for 2 common Smack operations, Lukasz Pawelczyk
  - Re: [PATCH v4 07/11] smack: abstraction layer for 2 common Smack operations, Casey Schaufler
- [PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook, Lukasz Pawelczyk
  - Re: [PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook, Casey Schaufler
- [PATCH v4 09/11] smack: namespace groundwork, Lukasz Pawelczyk
  - Re: [PATCH v4 09/11] smack: namespace groundwork, Casey Schaufler
- Re: [PATCH v4 00/11] Smack namespace, Lukasz Pawelczyk
[PATCH v2 0/7] User namespace mount updates, Seth Forshee
- [PATCH v2 2/7] block_dev: Check permissions towards block device inode when mounting, Seth Forshee
- [PATCH v2 1/7] block_dev: Support checking inode permissions in lookup_bdev(), Seth Forshee
- [PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
  - Re: [PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces, Stephen Smalley
- [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
  - Re: [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts, Casey Schaufler
    - Re: [PATCH v2 7/7] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH v2 6/7] userns: Replace in_userns with current_in_userns, Seth Forshee
- [PATCH v2 4/7] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH v2 3/7] mtd: Check permissions towards mtd block device inode when mounting, Seth Forshee
[PATCH] libselinux: Fix parallel build with swig python, Jason Zaman
- Re: [PATCH] libselinux: Fix parallel build with swig python, Stephen Smalley
[RFC PATCH v3 0/5] kdbus LSM/SELinux hooks, Paul Moore
- [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Paul Moore
  - Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Paul Moore
  - Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Stephen Smalley
    - Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Paul Moore
      - Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Stephen Smalley
        
        Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls, Paul Moore
- [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints, Paul Moore
  - Re: [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints, Stephen Smalley
    - Re: [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints, Paul Moore
- [RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy, Paul Moore
  - Re: [RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy, Stephen Smalley
- [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names, Paul Moore
  - Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names, Stephen Smalley
    - Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names, Steve Grubb
      - Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names, Stephen Smalley
- [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus, Paul Moore
  - Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus, Stephen Smalley
    - Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus, Paul Moore
      - Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus, Stephen Smalley
        
        Re: [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus, Paul Moore
[RFC PATCH v2 0/5] kdbus LSM/SELinux hooks, Paul Moore
- [RFC PATCH v2 3/5] lsm: add support for auditing kdbus service names, Paul Moore
- [RFC PATCH v2 1/5] kdbus: add creator credentials to the endpoints, Paul Moore
- [RFC PATCH v2 4/5] selinux: introduce kdbus names into the policy, Paul Moore
- [RFC PATCH v2 2/5] lsm: introduce hooks for kdbus, Paul Moore
- [RFC PATCH v2 5/5] selinux: introduce kdbus access controls, Paul Moore
  - Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls, Nicolas Iooss
    - Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls, Paul Moore
[PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct, Sangwoo
- Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct, Stephen Smalley
- Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct, Paul Moore
[PATCH v2 1/2] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
- Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels, Stephen Smalley
  - Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
    - Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels, Stephen Smalley
- Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels, Casey Schaufler
  - Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels, Andreas Gruenbacher
Computer Science and SE Linux, Russell Coker
- Re: Computer Science and SE Linux, Thomas Rozenbroek
  - Re: Computer Science and SE Linux, Russell Coker
    - Re: Computer Science and SE Linux, Hal Martin
MAP_STACK and execstack, Nick Kralevich
- Re: MAP_STACK and execstack, Stephen Smalley
  - Re: MAP_STACK and execstack, Nick Kralevich
    - Re: MAP_STACK and execstack, Stephen Smalley
av_decision on audit callback, Roberts, William C
- Re: av_decision on audit callback, Stephen Smalley
  - Re: av_decision on audit callback, Stephen Smalley
    - RE: av_decision on audit callback, Roberts, William C
      - Re: av_decision on audit callback, Stephen Smalley
        
        RE: av_decision on audit callback, Roberts, William C
        
        Re: av_decision on audit callback, Stephen Smalley
        
        RE: av_decision on audit callback, Roberts, William C
[PATCH 1/3] Fix newrole to not drop capabilities from the bounding set., Stephen Smalley
- [PATCH 2/3] policycoreutils/newrole: Set keepcaps around setresuid calls., Stephen Smalley
- [PATCH 3/3] Open stdin as read/write, Stephen Smalley
[PATCH 0/5] User namespace mount updates, Seth Forshee
- [PATCH 2/5] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
  - Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Mike Snitzer
    - Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
      - Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Mike Snitzer
        
        Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
        
        Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
        
        Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Eric W. Biederman
        
        Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Jan Kara
        
        Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
  - Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Eric W. Biederman
    - Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting, Seth Forshee
- [PATCH 3/5] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH 5/5] Smack: Handle labels consistently in untrusted mounts, Seth Forshee
- [PATCH 4/5] userns: Replace in_userns with current_in_userns, Seth Forshee
[RFC PATCH V3] libselinux: Add selabel_digest function, Richard Haines
- Re: [RFC PATCH V3] libselinux: Add selabel_digest function, Stephen Smalley
  - Re: [RFC PATCH V3] libselinux: Add selabel_digest function, Richard Haines
    - Re: [RFC PATCH V3] libselinux: Add selabel_digest function, Stephen Smalley
[PATCH 0/5] Security: Provide unioned file support, David Howells
- [PATCH 2/5] Overlayfs: Use copy-up security hooks, David Howells
- [PATCH 5/5] SELinux: Check against union label for file operations, David Howells
- [PATCH 3/5] SELinux: Stub in copy-up handling, David Howells
- [PATCH 4/5] SELinux: Handle opening of a unioned file, David Howells
- [PATCH 1/5] Security: Provide copy-up security hooks for unioned files, David Howells
- Re: [PATCH 0/5] Security: Provide unioned file support, Stephen Smalley
  - Re: [PATCH 0/5] Security: Provide unioned file support, Stephen Smalley
    - Re: [PATCH 0/5] Security: Provide unioned file support, Daniel J Walsh
[PATCH 1/2] selinux: ioctl_has_perm should be static, Geliang Tang
- Re: [PATCH 1/2] selinux: ioctl_has_perm should be static, Jeffrey Vander Stoep
- Re: [PATCH 1/2] selinux: ioctl_has_perm should be static, Stephen Smalley
- Re: [PATCH 1/2] selinux: ioctl_has_perm should be static, Paul Moore
[PATCH 0/5] selinux: minor cleanup suggestions, Rasmus Villemoes
- [PATCH 1/5] selinux: introduce security_context_str_to_sid, Rasmus Villemoes
  - Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid, Stephen Smalley
  - Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid, Paul Moore
- [PATCH 4/5] selinux: use kstrdup() in security_get_bools(), Rasmus Villemoes
  - Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools(), Stephen Smalley
  - Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools(), Paul Moore
- [PATCH 5/5] selinux: use sprintf return value, Rasmus Villemoes
  - Re: [PATCH 5/5] selinux: use sprintf return value, Stephen Smalley
    - Re: [PATCH 5/5] selinux: use sprintf return value, Rasmus Villemoes
  - Re: [PATCH 5/5] selinux: use sprintf return value, Paul Moore
- [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity(), Rasmus Villemoes
  - Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity(), Stephen Smalley
  - Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity(), Paul Moore
- [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core(), Rasmus Villemoes
  - Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core(), Stephen Smalley
  - Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core(), Paul Moore
- Re: [PATCH 0/5] selinux: minor cleanup suggestions, Stephen Smalley
[RFC PATCH V2] libselinux: Add selinux_restorecon function, Richard Haines
- Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function, Nir Soffer
  - Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function, Richard Haines
- Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function, Stephen Smalley
  - Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function, Richard Haines
    - Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function, Stephen Smalley
newrole not working when built with LSPP_PRIV=y, Laurent Bigonville
- Re: newrole not working when built with LSPP_PRIV=y, Stephen Smalley
  - Re: newrole not working when built with LSPP_PRIV=y, Laurent Bigonville
    - Re: newrole not working when built with LSPP_PRIV=y, Stephen Smalley
selinux network control question, Dominick Grift
- Re: selinux network control question, Stephen Smalley
  - Re: selinux network control question, Dominick Grift
    - Re: selinux network control question, Stephen Smalley
      - Re: selinux network control question, Dominick Grift
  - Re: selinux network control question, Dominick Grift
Cil Macros, Dan
- Re: Cil Macros, James Carter
  - Re: Cil Macros, Dan
    - Re: Cil Macros, James Carter
      - Re: Cil Macros, Dan
      - Re: Cil Macros, Dan
Find attributes for a type with sepol, Roberts, William C
- Re: Find attributes for a type with sepol, James Carter
  - Re: Find attributes for a type with sepol, Stephen Smalley
    - Re: Find attributes for a type with sepol, Joshua Brindle
      - Re: Find attributes for a type with sepol, William Roberts
        
        Re: Find attributes for a type with sepol, Joshua Brindle
        
        Re: Find attributes for a type with sepol, William Roberts
        
        Re: Find attributes for a type with sepol, Joshua Brindle
        
        Re: Find attributes for a type with sepol, William Roberts
        
        Re: Find attributes for a type with sepol, William Roberts
        
        Re: Find attributes for a type with sepol, Stephen Smalley
        
        Re: Find attributes for a type with sepol, William Roberts
        
        Re: Find attributes for a type with sepol, Stephen Smalley
[RFC PATCH v1 0/3] Another take on the kdbus LSM hooks, Paul Moore
- [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus, Paul Moore
  - Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus, Stephen Smalley
    - Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus, Paul Moore
  - Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus, Stephen Smalley
    - Re: [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus, Paul Moore
- [RFC PATCH v1 2/3] selinux: introduce kdbus names into the policy, Paul Moore
- [RFC PATCH v1 3/3] selinux: introduce kdbus access controls, Paul Moore
[PATCH v4 0/7] Initial support for user namespace owned mounts, Seth Forshee
- [PATCH v4 1/7] fs: Add user namesapace member to struct super_block, Seth Forshee
  - Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block, Eric W. Biederman
    - Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block, Seth Forshee
      - Re: [PATCH v4 1/7] fs: Add user namesapace member to struct super_block, Eric W. Biederman
  - [PATCH] fs: fix a posible leak of allocated superblock, Pavel Tikhomirov
    - Re: [PATCH] fs: fix a posible leak of allocated superblock, Seth Forshee
- [PATCH v4 2/7] userns: Simpilify MNT_NODEV handling., Seth Forshee
- [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Seth Forshee
  - Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Eric W. Biederman
    - Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Seth Forshee
      - Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Eric W. Biederman
        
        Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Seth Forshee
        
        Re: [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting, Eric W. Biederman
- [PATCH v4 5/7] fs: Treat foreign mounts as nosuid, Seth Forshee
- [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block, Seth Forshee
  - Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block, Eric W. Biederman
    - Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block, Seth Forshee
      - Re: [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block, Eric W. Biederman
- [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces, Seth Forshee
  - Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces, Eric W. Biederman
  - Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces, Casey Schaufler
  - Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces, Eric W. Biederman
    - Re: [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH v4 7/7] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
[PATCH v2] libselinux: flush the class/perm string mapping cache on policy reload, Stephen Smalley
- Re: [PATCH v2] libselinux: flush the class/perm string mapping cache on policy reload, Petr Lautrbach
[PATCH] libselinux: flush the class/perm string mapping cache on policy reload, Stephen Smalley
[RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default, Paul Moore
- Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default, Stephen Smalley
  - Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default, Paul Moore
- Re: [RFC PATCH] selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default, Paul Moore
overlayfs+selinux error: OPNOTSUPP, Matthew Cengia
- Re: overlayfs+selinux error: OPNOTSUPP, Stephen Smalley
  - Re: overlayfs+selinux error: OPNOTSUPP, Stephen Smalley
    - Re: overlayfs+selinux error: OPNOTSUPP, Matthew Cengia
      - Re: overlayfs+selinux error: OPNOTSUPP, Stephen Smalley
  - Re: overlayfs+selinux error: OPNOTSUPP, Russell Coker
    - Re: overlayfs+selinux error: OPNOTSUPP, Stephen Smalley
    - Re: overlayfs+selinux error: OPNOTSUPP, Matthew Cengia
[PATCH] libselinux: Fix restorecon when path has no context, Nir Soffer
- Re: [PATCH] libselinux: Fix restorecon when path has no context, Stephen Smalley
How can i remove net_raw capability from unconfined?, Gmail
- Re: How can i remove net_raw capability from unconfined?, Stephen Smalley
[RFC PATCH] libselinux: Add selinux_restorecon function, Richard Haines
[RFC PATCH V2] libselinux: Add selabel_digest function, Richard Haines
- Re: [RFC PATCH V2] libselinux: Add selabel_digest function, Stephen Smalley
[PATCH] Add neverallow support for ioctl extended permissions, Jeff Vander Stoep
- Re: [PATCH] Add neverallow support for ioctl extended permissions, Nick Kralevich
- Re: [PATCH] Add neverallow support for ioctl extended permissions, Stephen Smalley
  - Re: [PATCH] Add neverallow support for ioctl extended permissions, Stephen Smalley
[PATCH v2] selinux: do not check open perm on ftruncate call, Jeff Vander Stoep
- Re: [PATCH v2] selinux: do not check open perm on ftruncate call, Stephen Smalley
- Re: [PATCH v2] selinux: do not check open perm on ftruncate call, Paul Moore
[PATCH] selinux: do not check open perm on ftruncate call, Jeff Vander Stoep
http process running as initrc_t, Divya Vyas
- Re: http process running as initrc_t, Miroslav Grepl
[PATCH v3 0/7] Initial support for user namespace owned mounts, Seth Forshee
- [PATCH v3 1/7] fs: Add user namesapace member to struct super_block, Seth Forshee
- [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling., Seth Forshee
  - Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling., Andy Lutomirski
    - Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling., Eric W. Biederman
      - Re: [PATCH v3 2/7] userns: Simpilify MNT_NODEV handling., Andy Lutomirski
- [PATCH v3 3/7] fs: Verify access of user towards block device file when mounting, Seth Forshee
- [PATCH v3 4/7] fs: Limit file caps to the user namespace of the super block, Seth Forshee
- [PATCH v3 5/7] fs: Treat foreign mounts as nosuid, Seth Forshee
  - Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid, Andy Lutomirski
    - Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid, Seth Forshee
      - Re: [PATCH v3 5/7] fs: Treat foreign mounts as nosuid, Andy Lutomirski
- [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces, Seth Forshee
  - Re: [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces, Casey Schaufler
    - Re: [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces, Seth Forshee
- [PATCH v3 7/7] selinux: Add support for unprivileged mounts from user namespaces, Seth Forshee
ftruncate triggering open denial, Jeffrey Vander Stoep
- Re: ftruncate triggering open denial, Stephen Smalley
  - Re: ftruncate triggering open denial, Jeffrey Vander Stoep
remove unconfined user, Divya Vyas
- Re: remove unconfined user, Miroslav Grepl
Neverallow in http policy, Divya Vyas
- Re: Neverallow in http policy, Jason Zaman
  - Re: Neverallow in http policy, Divya Vyas
    - Re: Neverallow in http policy, Jason Zaman
[PATCH v2] libsepol/cil: improve recursion detection, Steve Lawrence
- Re: [PATCH v2] libsepol/cil: improve recursion detection, James Carter
[PATCH] libselinux: Free memory when processing media and x specfiles, Richard Haines
- Re: [PATCH] libselinux: Free memory when processing media and x specfiles, Stephen Smalley
[PATCH] libselinux: Fix mmap memory release for file labeling, Richard Haines
- Re: [PATCH] libselinux: Fix mmap memory release for file labeling, Stephen Smalley
[PATCH] libsepol/cil: improve recursion detection, Steve Lawrence
- Re: [PATCH] libsepol/cil: improve recursion detection, James Carter
  - Re: [PATCH] libsepol/cil: improve recursion detection, Steve Lawrence
    - Re: [PATCH] libsepol/cil: improve recursion detection, James Carter
Policy disable error, Divya Vyas

[Index of Archives] [Selinux Refpolicy] [Fedora Users] [Fedora Desktop] [Kernel] [KDE Users] [Gnome Users]