summaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-04-13BACKPORT: UPSTREAM: selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-02-07BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctlTetsuo Handa1-43/+31
2016-11-29vfs: Add permission2 for filesystems with per mount permissionsDaniel Rosenberg1-1/+1
2016-10-04UPSTREAM: KEYS: Fix crash when attempt to garbage collect an uninstantiated k...David Howells1-2/+4
2016-10-04UPSTREAM: KEYS: Fix race between key destruction and finding a keyring by nameDavid Howells1-4/+4
2016-09-24BACKPORT: audit: consistently record PIDs with task_tgid_nr()Paul Moore1-2/+2
2016-09-09UPSTREAM: capabilities: ambient capabilitiesAndy Lutomirski2-10/+93
2016-07-14UPSTREAM: KEYS: potential uninitialized variableDan Carpenter1-1/+1
2016-07-08UPSTREAM: KEYS: close race between key lookup and freeingSasha Levin1-2/+2
2016-06-01FROMLIST: security,perf: Allow further restriction of perf_event_openJeff Vander Stoep1-0/+9
2016-04-07BACKPORT: selinux: restrict kernel module loadingJeff Vander Stoep2-1/+34
2016-02-04selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tablesLorenzo Colitti1-3/+4
2016-01-22UPSTREAM: selinux: fix bug in conditional rules handlingStephen Smalley1-2/+2
2016-01-20UPSTREAM: KEYS: Fix keyring ref leak in join_session_keyring()Yevgeny Pats1-0/+1
2015-10-29selinux: Android kernel compatibility with M userspaceJeff Vander Stoep1-8/+61
2015-10-29selinux: extended permissions for ioctlsJeff Vander Stoep11-60/+834
2015-10-29security: add ioctl specific auditing to lsm_auditJeff Vander Stoep1-0/+15
2015-10-29selinux: remove unnecessary pointer reassignmentJeff Vander Stoep1-4/+2
2015-10-28Revert "security: lsm_audit: add ioctl specific auditing"Jeff Vander Stoep1-15/+0
2015-10-28Revert "SELinux: per-command whitelisting of ioctls"Jeff Vander Stoep11-810/+64
2015-10-28Revert "SELinux: use deletion-safe iterator to free list"Jeff Vander Stoep1-4/+2
2015-10-28Revert "SELinux: ss: Fix policy write for ioctl operations"Jeff Vander Stoep1-3/+0
2015-09-28selinux: do not check open perm on ftruncate callJeff Vander Stoep1-1/+2
2015-05-22selinux: enable genfscon labeling for sysfs and pstore filesStephen Smalley1-1/+3
2015-05-21selinux: enable per-file labeling for debugfs files.Stephen Smalley2-22/+22
2015-04-29SELinux: ss: Fix policy write for ioctl operationsJeff Vander Stoep1-0/+3
2015-04-21SELinux: use deletion-safe iterator to free listJeff Vander Stoep1-2/+4
2015-04-13selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message typesPaul Moore1-0/+2
2015-04-13selinux/nlmsg: add XFRM_MSG_MAPPINGNicolas Dichtel1-0/+1
2015-04-13selinux/nlmsg: add XFRM_MSG_MIGRATENicolas Dichtel1-0/+1
2015-04-13selinux/nlmsg: add XFRM_MSG_REPORTNicolas Dichtel1-0/+1
2015-04-13selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFONicolas Dichtel1-0/+2
2015-04-13selinux/nlmsg: add XFRM_MSG_GETSPDINFONicolas Dichtel1-0/+1
2015-04-13selinux/nlmsg: add XFRM_MSG_NEWSPDINFONicolas Dichtel1-0/+1
2015-04-13SELinux: per-command whitelisting of ioctlsJeff Vander Stoep11-64/+810
2015-04-13security: lsm_audit: add ioctl specific auditingJeff Vander Stoep1-0/+15
2015-01-21selinux: Remove obsolete selinux_audit_data initialization.Stephen Smalley1-2/+0
2015-01-20selinux: make the netif cache namespace awarePaul Moore4-36/+46
2015-01-20selinux: correctly label /proc inodes in use before the policy is loadedPaul Moore1-9/+27
2015-01-20selinux: fix inode security list corruptionStephen Smalley1-1/+1
2015-01-20selinux: put the mmap() DAC controls before the MAC controlsPaul Moore1-12/+8
2015-01-20selinux: reduce the number of calls to synchronize_net() when flushing cachesPaul Moore7-42/+23
2015-01-14[PATCH 5/5] pstore: selinux: add security in-core xattr support for pstore an...Mark Salyzyn1-9/+5
2015-01-14SELinux: Update policy version to support constraints infoRichard Haines4-10/+101
2015-01-13Add security hooks to binder and implement the hooks for SELinux.Stephen Smalley4-0/+111
2015-01-13Revert "Add security hooks to binder and implement the hooks for SELinux."Riley Andrews4-111/+0
2014-10-07sched: move no_new_privs into new atomic flagsKees Cook1-2/+2
2014-09-03nick kvfree() from apparmorAl Viro2-15/+0
2014-09-03apparmor: no need to delay vfree()Al Viro1-21/+3
2014-06-24SELinux: Enable setting security contexts on rootfs inodes.Stephen Smalley1-0/+7