summaryrefslogtreecommitdiffstats
path: root/security
Commit message (Expand)AuthorAgeFilesLines
* Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds2019-09-2810-16/+350
|\
| * security: constify some arrays in lockdown LSMMatthew Garrett2019-09-101-2/+2
| * lockdown: Print current->comm in restriction messagesMatthew Garrett2019-08-191-2/+6
| * tracefs: Restrict tracefs when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * debugfs: Restrict debugfs when the kernel is locked downDavid Howells2019-08-191-0/+1
| * kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett2019-08-193-1/+53
| * lockdown: Lock down perf when in confidentiality modeDavid Howells2019-08-191-0/+1
| * bpf: Restrict bpf when kernel lockdown is in confidentiality modeDavid Howells2019-08-191-0/+1
| * lockdown: Lock down tracing and perf kprobes when in confidentiality modeDavid Howells2019-08-191-0/+1
| * lockdown: Lock down /proc/kcoreDavid Howells2019-08-191-0/+1
| * x86/mmiotrace: Lock down the testmmiotrace moduleDavid Howells2019-08-191-0/+1
| * lockdown: Lock down module params that specify hardware parameters (eg. ioport)David Howells2019-08-191-0/+1
| * lockdown: Lock down TIOCSSERIALDavid Howells2019-08-191-0/+1
| * lockdown: Prohibit PCMCIA CIS storage when the kernel is locked downDavid Howells2019-08-191-0/+1
| * ACPI: Limit access to custom_method when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * x86/msr: Restrict MSR access when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * x86: Lock down IO port access when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * PCI: Lock down BAR access when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * hibernate: Disable when the kernel is locked downJosh Boyer2019-08-191-0/+1
| * kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2019-08-192-2/+2
| * kexec_load: Disable at runtime if the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked downMatthew Garrett2019-08-191-0/+1
| * lockdown: Enforce module signatures if the kernel is locked downDavid Howells2019-08-192-0/+2
| * security: Add a static lockdown policy LSMMatthew Garrett2019-08-195-5/+224
| * security: Add a "locked down" LSM hookMatthew Garrett2019-08-191-0/+6
| * security: Support early LSMsMatthew Garrett2019-08-191-8/+42
* | Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2019-09-2715-105/+627
|\ \
| * | ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva2019-08-291-2/+2
| * | ima: use struct_size() in kzalloc()Gustavo A. R. Silva2019-08-291-3/+2
| * | ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann2019-08-281-1/+2
| * | ima: fix freeing ongoing ahash_requestSascha Hauer2019-08-051-0/+5
| * | ima: always return negative code for errorSascha Hauer2019-08-051-1/+4
| * | ima: Store the measurement again when appraising a modsigThiago Jung Bauermann2019-08-054-7/+47
| * | ima: Define ima-modsig templateThiago Jung Bauermann2019-08-058-6/+156
| * | ima: Collect modsigThiago Jung Bauermann2019-08-055-5/+60
| * | ima: Implement support for module-style appended signaturesThiago Jung Bauermann2019-08-058-23/+209
| * | ima: Factor xattr_verify() out of ima_appraise_measurement()Thiago Jung Bauermann2019-08-051-60/+81
| * | ima: Add modsig appraise_type option for module-style appended signaturesThiago Jung Bauermann2019-08-056-2/+62
| * | integrity: Select CONFIG_KEYS instead of depending on itThiago Jung Bauermann2019-08-051-1/+1
| * | ima: initialize the "template" field with the default templateMimi Zohar2019-08-011-2/+4
* | | KEYS: trusted: correctly initialize digests and fix locking issueRoberto Sassu2019-09-251-0/+5
* | | Merge tag 'smack-for-5.4-rc1' of git://github.com/cschaufler/smack-nextLinus Torvalds2019-09-232-23/+23
|\ \ \
| * | | smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2019-09-042-4/+4
| * | | security: smack: Fix possible null-pointer dereferences in smack_socket_sock_...Jia-Ju Bai2019-09-041-0/+2
| * | | smack: fix some kernel-doc notationsluanshi2019-09-041-18/+15
| * | | Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn2019-09-041-1/+2
| | |/ | |/|
* | | Merge tag 'safesetid-bugfix-5.4' of git://github.com/micah-morton/linuxLinus Torvalds2019-09-231-1/+2
|\ \ \
| * | | LSM: SafeSetID: Stop releasing uninitialized rulesetMicah Morton2019-09-171-1/+2
| | |/ | |/|
* | | Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2019-09-2312-296/+346
|\ \ \
| * | | selinux: fix residual uses of current_security() for the SELinux blobStephen Smalley2019-09-042-11/+11
OpenPOWER on IntegriCloud