[RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning
2024-05-07 1:34 UTC (10+ messages)
` [RFC PATCH v3 1/5] virt: Introduce Hypervisor Enforced Kernel Integrity (Heki)
` [RFC PATCH v3 2/5] KVM: x86: Add new hypercall to lock control registers
` [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation
` [RFC PATCH v3 4/5] heki: Lock guest control registers at the end of guest kernel init
` [RFC PATCH v3 5/5] virt: Add Heki KUnit tests
[PATCH v3] ima: Avoid blocking in RCU read-side critical section
2024-05-07 1:25 UTC
[PATCH net v3] netlabel: fix RCU annotation for IPv4 options on socket creation
2024-05-06 21:12 UTC (2+ messages)
[RFC PATCH] lsm: fixup the inode xattr capability handling
2024-05-06 20:51 UTC (10+ messages)
[PATCH v3] nfsd: set security label during create operations
2024-05-06 16:31 UTC (5+ messages)
[syzbot] [lsm?] general protection fault in smack_inode_permission
2024-05-06 8:57 UTC
[PATCH] apparmor: fix apparmor_socket_post_create() kernel-doc
2024-05-05 22:39 UTC
[PATCH v9 4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached
2024-05-05 16:25 UTC (3+ messages)
[PATCH v18 00/21] Integrity Policy Enforcement LSM (IPE)
2024-05-05 0:15 UTC (25+ messages)
` [PATCH v18 01/21] security: add ipe lsm
` [PATCH v18 02/21] ipe: add policy parser
` [PATCH v18 03/21] ipe: add evaluation loop
` [PATCH v18 04/21] ipe: add LSM hooks on execution and kernel read
` [PATCH v18 05/21] initramfs|security: Add a security hook to do_populate_rootfs()
` [PATCH v18 06/21] ipe: introduce 'boot_verified' as a trust provider
` [PATCH v18 07/21] security: add new securityfs delete function
` [PATCH v18 08/21] ipe: add userspace interface
` [PATCH v18 09/21] uapi|audit|ipe: add ipe auditing support
` [PATCH v18 10/21] ipe: add permissive toggle
` [PATCH v18 11/21] block,lsm: add LSM blob and new LSM hooks for block device
` [PATCH v18 12/21] dm: add finalize hook to target_type
` [PATCH v18 13/21] dm verity: expose root hash digest and signature data to LSMs
` [PATCH v18 14/21] ipe: add support for dm-verity as a trust provider
` [PATCH v18 15/21] security: add security_inode_setintegrity() hook
` [PATCH v18 16/21] fsverity: expose verified fsverity built-in signatures to LSMs
` [PATCH v18 17/21] ipe: enable support for fs-verity as a trust provider
` [PATCH v18 18/21] scripts: add boot policy generation program
` [PATCH v18 19/21] ipe: kunit test for parser
` [PATCH v18 20/21] Documentation: add ipe documentation
` [PATCH v18 21/21] MAINTAINERS: ipe: add ipe maintainer information
[PATCH v8 0/6] DCP as trusted keys backend
2024-05-03 23:45 UTC (8+ messages)
` [PATCH v8 6/6] docs: trusted-encrypted: add DCP as new trust source
` [EXT] "
` [EXT] "
[PATCH v3 00/11] sysctl: treewide: constify ctl_table argument of sysctl handlers
2024-05-03 14:09 UTC (21+ messages)
` [PATCH v3 01/11] stackleak: don't modify ctl_table argument
` [PATCH v3 02/11] cgroup: bpf: constify ctl_table arguments and fields
` [PATCH v3 03/11] hugetlb: constify ctl_table arguments of utility functions
` [PATCH v3 04/11] utsname: constify ctl_table arguments of utility function
` [PATCH v3 05/11] neighbour: "
` [PATCH v3 06/11] ipv4/sysctl: constify ctl_table arguments of utility functions
` [PATCH v3 07/11] ipv6/addrconf: "
` [PATCH v3 08/11] ipv6/ndisc: constify ctl_table arguments of utility function
` [PATCH v3 09/11] ipvs: constify ctl_table arguments of utility functions
` [PATCH v3 10/11] sysctl: constify ctl_table arguments of utility function
` [PATCH v3 11/11] sysctl: treewide: constify the ctl_table argument of handlers
[PATCH v2] nfsd: set security label during create operations
2024-05-03 12:48 UTC (5+ messages)
[PATCH v3 1/2] proc: restrict /proc/pid/mem access via param knobs
2024-05-03 9:57 UTC (5+ messages)
` [PATCH v3 2/2] proc: add Kconfigs to restrict /proc/pid/mem access
[PATCH v4 00/12] selftests: kselftest_harness: support using xfail
2024-05-02 21:07 UTC (11+ messages)
` [PATCH v4 10/12] selftests: kselftest_harness: let PASS / FAIL provide diagnostic
[RFC][PATCH] nfsd: set security label during create operations
2024-05-02 18:28 UTC (2+ messages)
[syzbot] [keyrings?] [lsm?] possible deadlock in keyring_clear
2024-05-02 15:42 UTC
[PATCH -next] lsm: fix default return value for inode_set(remove)xattr
2024-05-01 20:47 UTC (2+ messages)
[PATCH v3 1/3] LSM: add security_execve_abort() hook
2024-05-01 20:04 UTC (8+ messages)
[PATCH] MAINTAINERS: update the LSM file list
2024-05-01 18:42 UTC (3+ messages)
[PATCH net v2] netlabel: fix RCU annotation for IPv4 options on socket creation
2024-04-30 23:30 UTC (4+ messages)
` [PATCH "
[PATCH 0/2] Forbid illegitimate binding via listen(2)
2024-04-30 16:52 UTC (6+ messages)
` [PATCH 1/2] landlock: Add hook on socket_listen()
` [PATCH 2/2] selftests/landlock: Create 'listen_zero', 'deny_listen_zero' tests
[PATCH v2] landlock: Add abstract unix socket connect restrictions
2024-04-30 15:24 UTC (4+ messages)
[PATCH v3 2/2] fs/xattr: add *at family syscalls
2024-04-30 10:09 UTC (3+ messages)
[PATCH bpf-next v3 00/11] Add check for bpf lsm return value
2024-04-30 3:56 UTC (20+ messages)
` [PATCH bpf-next v3 06/11] bpf: Fix compare error in function retval_range_within
` [PATCH bpf-next v3 07/11] bpf: Fix a false rejection caused by AND operation
WARNING in current_check_refer_path
2024-04-29 14:46 UTC (3+ messages)
` 回复:WARNING "
[PATCH v2] ima: Avoid blocking in RCU read-side critical section
2024-04-28 16:39 UTC
[PATCH 0/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options
2024-04-25 21:48 UTC (9+ messages)
` [PATCH 1/2] cipso: fix total option length computation
` [PATCH 2/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options
[PATCH v17 00/21] Integrity Policy Enforcement LSM (IPE)
2024-04-25 20:23 UTC (15+ messages)
` [PATCH v17 13/21] dm verity: consume root hash digest and expose signature data via LSM hook
` [PATCH v17 16/21] fsverity: expose verified fsverity built-in signatures to LSMs
` [PATCH v17 17/21] ipe: enable support for fs-verity as a trust provider
` [PATCH v17 20/21] Documentation: add ipe documentation
[linus:master] [selftests/harness] 0710a1a73f: kernel-selftests.pidfd.pidfd_setns_test.fail
2024-04-25 17:49 UTC (2+ messages)
[PATCH] MAINTAINER: Add Günther Noack as Landlock reviewer
2024-04-25 13:13 UTC (2+ messages)
[PATCH v2] tty: n_gsm: restrict tty devices to attach
2024-04-23 16:37 UTC (10+ messages)
[PATCH v3 0/7] Handle faults in KUnit tests
2024-04-23 9:22 UTC (7+ messages)
` [PATCH v3 7/7] kunit: Add tests for fault
[PATCH v4 00/14] security: digest_cache LSM
2024-04-19 23:29 UTC (25+ messages)
` [PATCH v4 01/14] lib: Add TLV parser
` [PATCH v4 02/14] security: Introduce the digest_cache LSM
` [PATCH v4 03/14] digest_cache: Add securityfs interface
` [PATCH v4 10/14] digest cache: Prefetch digest lists if requested
` [PATCH v4 13/14] selftests/digest_cache: Add selftests for digest_cache LSM
general protection fault in security_inode_getattr
2024-04-19 20:01 UTC (4+ messages)
[PATCH v15 00/11] Landlock: IOCTL support
2024-04-19 16:11 UTC (12+ messages)
` [PATCH v15 01/11] landlock: Add IOCTL access right for character and block devices
` [PATCH v15 02/11] selftests/landlock: Test IOCTL support
` [PATCH v15 03/11] selftests/landlock: Test IOCTL with memfds
` [PATCH v15 04/11] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)
` [PATCH v15 05/11] selftests/landlock: Test IOCTLs on named pipes
` [PATCH v15 06/11] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets
` [PATCH v15 07/11] selftests/landlock: Exhaustive test for the IOCTL allow-list
` [PATCH v15 08/11] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL_DEV
` [PATCH v15 09/11] landlock: Document IOCTL support
` [PATCH v15 10/11] MAINTAINERS: Notify Landlock maintainers about changes to fs/ioctl.c
` [PATCH v15 11/11] fs/ioctl: Add a comment to keep the logic in sync with LSM policies
[PATCH v14 00/12] Landlock: IOCTL support
2024-04-19 14:49 UTC (18+ messages)
` [PATCH v14 02/12] landlock: Add IOCTL access right for character and block devices
` [PATCH v14 03/12] selftests/landlock: Test IOCTL support
` [PATCH v14 07/12] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets
` [PATCH v14 08/12] selftests/landlock: Exhaustive test for the IOCTL allow-list
[PATCH v2 1/1] mm: change inlined allocation helpers to account at the call site
2024-04-16 13:55 UTC (2+ messages)
page: next (older)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).