| [2/3] Enable capabilities of files from shared filesystem |
|
1 |
|
2017-06-22 |
Stefan Berger |
|
New |
| [3/3] Enable security.selinux in user namespaces |
|
|
|
2017-06-22 |
Stefan Berger |
|
New |
| xattr: fix kstrdup.cocci warnings |
|
|
|
2017-06-24 |
kernel test robot |
|
New |
| [1/8] signal/alpha: Document a conflict with SI_USER for SIGTRAP |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [2/8] signal/ia64: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [3/8] signal/sparc: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [4/8] signal/mips: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [5/8] signal/testing: Don't look for __SI_FAULT in userspace |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [6/8] signal/x86: Fix SIGSYS handling in copy_siginfo_to_user32 |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [7/8] fcntl: Don't use ambiguous SIG_POLL si_codes |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [8/8] signal: Remove kernel interal si_code magic |
|
|
|
2017-06-30 |
Eric W. Biederman |
|
New |
| [1/8] signal/alpha: Document a conflict with SI_USER for SIGTRAP |
|
|
|
2017-07-02 |
Helge Deller |
|
New |
| [CRIU] BUG: Dentry ffff9f795a08fe60{i=af565f, n=lo} still in use (1) [unmount of proc proc] |
|
|
1 |
2017-07-06 |
Eric W. Biederman |
|
New |
| [v2] xattr: Enable security.capability in user namespaces |
|
1 |
|
2017-07-11 |
Stefan Berger |
|
New |
| [GIT,PULL] sysctl fixes for v4.13-rc1 |
|
|
1 |
2017-07-13 |
Eric W. Biederman |
|
New |
| [1/7] signal/alpha: Document a conflict with SI_USER for SIGTRAP |
1 |
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [2/7] signal/ia64: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [3/7] signal/sparc: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [4/7] signal/mips: Document a conflict with SI_USER with SIGFPE |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [5/7] signal/testing: Don't look for __SI_FAULT in userspace |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [6/7] fcntl: Don't use ambiguous SIG_POLL si_codes |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [7/7] signal: Remove kernel interal si_code magic |
|
|
|
2017-07-18 |
Eric W. Biederman |
|
New |
| [RFC,1/5] ima: extend clone() with IMA namespace support |
|
|
|
2017-07-20 |
Mehmet Kayaalp |
|
New |
| [RFC,2/5] ima: Add ns_status for storing namespaced iint data |
|
|
|
2017-07-20 |
Mehmet Kayaalp |
|
New |
| [RFC,3/5] ima: mamespace audit status flags |
|
|
|
2017-07-20 |
Mehmet Kayaalp |
|
New |
| [RFC,4/5] ima: differentiate auditing policy rules from "audit" actions |
|
|
|
2017-07-20 |
Mehmet Kayaalp |
|
New |
| [RFC,5/5] ima: Add ns_mnt, dev, ino fields to IMA audit measurement msgs |
|
|
|
2017-07-20 |
Mehmet Kayaalp |
|
New |
| [PATCH_v4.1_1/3] Make call_usermodehelper_exec possible to set namespaces |
|
|
|
2017-08-02 |
Cao Shufeng |
|
New |
| [PATCH_v4.1_2/3] Limit dump_pipe program's permission to init for container |
|
|
|
2017-08-02 |
Cao Shufeng |
|
New |
| [PATCH_v4.1_3/3] Make core_pattern support namespace |
|
|
|
2017-08-02 |
Cao Shufeng |
|
New |
| [RFC] security: Make the selinux setxattr and removexattr hooks behave |
|
|
|
2017-09-28 |
Eric W. Biederman |
|
New |
| selinux: Perform both commoncap and selinux xattr checks |
1 |
1 |
|
2017-10-02 |
Eric W. Biederman |
|
New |
| KEYS: allow changing key ownership with CAP_SYS_ADMIN in a NS |
|
|
|
2017-10-03 |
Dimitri John Ledkov |
|
New |
| [1/5] userns: Don't special case a count of 0 |
|
|
|
2017-10-31 |
Eric W. Biederman |
|
New |
| [2/5] userns: Simplify the user and group mapping functions |
|
|
|
2017-10-31 |
Eric W. Biederman |
|
New |
| [3/5] userns: Don't read extents twice in m_start |
|
|
|
2017-10-31 |
Eric W. Biederman |
|
New |
| [4/5] userns: Make map_id_down a wrapper for map_id_range_down |
|
|
|
2017-10-31 |
Eric W. Biederman |
|
New |
| [5/5] userns: Simplify insert_extent |
|
|
|
2017-10-31 |
Eric W. Biederman |
|
New |
| [3/5] userns: Don't read extents twice in m_start |
|
|
|
2017-11-01 |
Peter Zijlstra |
|
New |
| [GIT,PULL] signal bug fix for v4.14-rc8 |
|
|
|
2017-11-01 |
Eric W. Biederman |
|
New |
| [1/1] userns: Fix/clarify memory ordering |
|
|
|
2017-11-02 |
Christian Brauner |
|
New |
| scsi: require CAP_SYS_ADMIN to write to procfs interface |
|
|
|
2017-11-04 |
Aleksa Sarai |
|
New |
| [v2] scsi: require CAP_SYS_ADMIN to write to procfs interface |
|
|
|
2017-11-04 |
Aleksa Sarai |
|
New |
| [v3] scsi: require CAP_SYS_ADMIN to write to procfs interface |
|
|
|
2017-11-05 |
Aleksa Sarai |
|
New |
| [1/9] iscsi: create per-net iscsi netlink kernel sockets |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [2/9] iscsi: associate endpoints with a host |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [3/9] iscsi: sysfs filtering by network namespace |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [4/9] iscsi: make all iSCSI netlink multicast namespace aware |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [5/9] iscsi: set netns for iscsi_tcp hosts |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [6/9] iscsi: check net namespace for all iscsi lookups |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [7/9] iscsi: convert flashnode devices from bus to class |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [8/9] iscsi: rename iscsi_bus_flash_* to iscsi_flash_* |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| [9/9] iscsi: filter flashnode sysfs by net namespace |
|
|
|
2017-11-07 |
Chris Leech |
|
New |
| user_namespaces.7: Record new 340 line idmap limit |
|
|
|
2017-11-19 |
Christian Brauner |
|
New |
| [PATCH_v4.1,1/3] Make call_usermodehelper_exec possible to set namespaces |
|
|
|
2017-11-22 |
Cao Shufeng |
|
New |
| [PATCH_v4.1,2/3] Limit dump_pipe program's permission to init for container |
|
|
|
2017-11-22 |
Cao Shufeng |
|
New |
| [PATCH_v4.1,3/3] Make core_pattern support namespace |
|
|
|
2017-11-22 |
Cao Shufeng |
|
New |
| [1/2] userns: Don't fail follow_automount based on s_user_ns |
|
|
|
2017-11-30 |
Eric W. Biederman |
|
New |
| [2/2] autofs4: Modify autofs_wait to use current_uid() and current_gid() |
|
|
|
2017-11-30 |
Eric W. Biederman |
|
New |
| [01/11] block_dev: Support checking inode permissions in lookup_bdev() |
1 |
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [02/11] mtd: Check permissions towards mtd block device inode when mounting |
1 |
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [03/11] fs: Allow superblock owner to change ownership of inodes |
|
1 |
|
2017-12-22 |
Dongsu Park |
|
New |
| [04/11] fs: Don't remove suid for CAP_FSETID for userns root |
|
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [05/11] fs: Allow superblock owner to access do_remount_sb() |
1 |
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [06/11] capabilities: Allow privileged user in s_user_ns to set security.* xattrs |
|
1 |
|
2017-12-22 |
Dongsu Park |
|
New |
| [07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems |
|
1 |
|
2017-12-22 |
Dongsu Park |
|
New |
| [08/11] fuse: Support fuse filesystems outside of init_user_ns |
1 |
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant |
|
2 |
|
2017-12-22 |
Dongsu Park |
|
New |
| [10/11] fuse: Allow user namespace mounts |
|
1 |
|
2017-12-22 |
Dongsu Park |
|
New |
| [11/11] evm: Don't update hmacs in user ns mounts |
|
|
|
2017-12-22 |
Dongsu Park |
|
New |
| [GIT,PULL] pid bug fix for v4.15-rc7 |
|
|
|
2018-01-03 |
Eric W. Biederman |
|
New |
| [RFC,1/3] seccomp: add a return code to trap to userspace |
|
|
|
2018-02-04 |
Tycho Andersen |
|
New |
| [RFC,2/3] seccomp: hoist out filter resolving logic |
|
|
|
2018-02-04 |
Tycho Andersen |
|
New |
| [RFC,3/3] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-02-04 |
Tycho Andersen |
|
New |
| [net-next,1/3] bpf, seccomp: Add eBPF filter capabilities |
|
|
|
2018-02-13 |
Sargun Dhillon |
|
New |
| [net-next,2/3] seccomp, ptrace: Add a mechanism to retrieve attached eBPF seccomp filters |
|
|
|
2018-02-13 |
Sargun Dhillon |
|
New |
| [net-next,3/3] bpf: Add eBPF seccomp sample programs |
|
|
|
2018-02-13 |
Sargun Dhillon |
|
New |
| plan9 semantics on Linux - mount namespaces |
|
|
|
2018-02-14 |
Richard Weinberger |
|
New |
| [net-next,v2,1/2] bpf, seccomp: Add eBPF filter capabilities |
|
|
|
2018-02-17 |
Sargun Dhillon |
|
New |
| [net-next,v2,2/2] bpf: Add eBPF seccomp sample programs |
|
|
|
2018-02-17 |
Sargun Dhillon |
|
New |
| [net-next,v2,1/2] bpf, seccomp: Add eBPF filter capabilities |
|
|
|
2018-02-19 |
Sargun Dhillon |
|
New |
| [v6,1/5] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read |
|
|
|
2018-02-21 |
Eric W. Biederman |
|
New |
| [v6,2/5] fuse: Fail all requests with invalid uids or gids |
|
|
|
2018-02-21 |
Eric W. Biederman |
|
New |
| [v6,3/5] fuse: Support fuse filesystems outside of init_user_ns |
|
|
|
2018-02-21 |
Eric W. Biederman |
|
New |
| [v6,4/5] fuse: Ensure posix acls are translated outside of init_user_ns |
|
|
|
2018-02-21 |
Eric W. Biederman |
|
New |
| [v6,5/5] fuse: Restrict allow_other to the superblock's namespace or a descendant |
1 |
2 |
|
2018-02-21 |
Eric W. Biederman |
|
New |
| [net-next,v3,1/2] bpf, seccomp: Add eBPF filter capabilities |
|
|
|
2018-02-26 |
Sargun Dhillon |
|
New |
| [net-next,v3,2/2] bpf: Add eBPF seccomp sample programs |
|
|
|
2018-02-26 |
Sargun Dhillon |
|
New |
| [v7,1/7] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,2/7] fuse: Fail all requests with invalid uids or gids |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,4/7] fuse: Cache a NULL acl when FUSE_GETXATTR returns -ENOSYS |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,5/7] fuse: Simplfiy the posix acl handling logic. |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,6/7] fuse: Support fuse filesystems outside of init_user_ns |
|
|
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,7/7] fuse: Restrict allow_other to the superblock's namespace or a descendant |
1 |
2 |
|
2018-02-26 |
Eric W. Biederman |
|
New |
| [v7,3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE |
|
|
|
2018-02-27 |
Eric W. Biederman |
|
New |
| [RFC,V1,01/12] audit: add container id |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,02/12] audit: log container info of syscalls |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,03/12] audit: add containerid filtering |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,04/12] audit: read container ID of a process |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |