| [RFC,V1,05/12] audit: add containerid support for ptrace and signals |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,06/12] audit: add support for non-syscall auxiliary records |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,07/12] audit: add container aux record to watch/tree/mark |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,08/12] audit: add containerid support for tty_audit |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,09/12] audit: add containerid support for config/feature/user records |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,10/12] audit: add containerid support for seccomp and anom_abend records |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,11/12] debug audit: add container id |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC,V1,12/12] debug! audit: add container id |
|
|
|
2018-03-01 |
Richard Guy Briggs |
|
New |
| [RFC] fs/posix_acl: Update the comments and support lightweight cache skipping |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,1/6] fs/posix_acl: Update the comments and support lightweight cache skipping |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,2/6] fuse: Simplfiy the posix acl handling logic. |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,3/6] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,4/6] fuse: Fail all requests with invalid uids or gids |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,5/6] fuse: Support fuse filesystems outside of init_user_ns |
|
|
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [v8,6/6] fuse: Restrict allow_other to the superblock's namespace or a descendant |
1 |
2 |
|
2018-03-02 |
Eric W. Biederman |
|
New |
| [RFC] auditctl: add support for containerid filter |
|
|
|
2018-03-05 |
Richard Guy Briggs |
|
New |
| audit: add containerid support for IMA-audit |
|
|
|
2018-03-05 |
Mimi Zohar |
|
New |
| [v9,1/4] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read |
|
|
|
2018-03-08 |
Eric W. Biederman |
|
New |
| [v9,2/4] fuse: Fail all requests with invalid uids or gids |
|
|
|
2018-03-08 |
Eric W. Biederman |
|
New |
| [v9,3/4] fuse: Support fuse filesystems outside of init_user_ns |
|
|
|
2018-03-08 |
Eric W. Biederman |
|
New |
| [v9,4/4] fuse: Restrict allow_other to the superblock's namespace or a descendant |
1 |
2 |
|
2018-03-08 |
Eric W. Biederman |
|
New |
| [RFC,v2,1/3] ima: extend clone() with IMA namespace support |
|
|
|
2018-03-09 |
Stefan Berger |
|
New |
| [RFC,v2,2/3] ima: Add ns_status for storing namespaced iint data |
|
|
|
2018-03-09 |
Stefan Berger |
|
New |
| [RFC,v2,3/3] ima: mamespace audit status flags |
|
|
|
2018-03-09 |
Stefan Berger |
|
New |
| [1/4,v5] devpts: hoist out check for DEVPTS_SUPER_MAGIC |
|
1 |
|
2018-03-13 |
Christian Brauner |
|
New |
| [2/4,v5] devpts: resolve devpts bind-mounts |
|
1 |
|
2018-03-13 |
Christian Brauner |
|
New |
| [3/4,v5] devpts: comment devpts_mntget() |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [4/4,v5] selftests: add devpts selftests |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [1/4,v5,RESEND] devpts: hoist out check for DEVPTS_SUPER_MAGIC |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [2/4,v5,RESEND] devpts: resolve devpts bind-mounts |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [3/4,v5,RESEND] devpts: comment devpts_mntget() |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [4/4,v5,RESEND] selftests: add devpts selftests |
|
|
|
2018-03-13 |
Christian Brauner |
|
New |
| [RFC] ipc: Remove IPCMNI |
|
|
|
2018-03-15 |
Eric W. Biederman |
|
New |
| [RFC,ghak32,V2,01/13] audit: add container id |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,02/13] audit: check children and threading before allowing containerid |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,03/13] audit: log container info of syscalls |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,04/13] audit: add containerid filtering |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,05/13] audit: add containerid support for ptrace and signals |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,06/13] audit: add support for non-syscall auxiliary records |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,07/13] audit: add container aux record to watch/tree/mark |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,08/13] audit: add containerid support for tty_audit |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,09/13] audit: add containerid support for config/feature/user records |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,10/13] audit: add containerid support for seccomp and anom_abend records |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,11/13] audit: add support for containerid to network namespaces |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,12/13] audit: NETFILTER_PKT: record each container ID associated with a netNS |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,13/13] debug audit: read container ID of a process |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,1/5] AUDIT_CONTAINER message type basic support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,2/5] AUDIT_CONTAINER_INFO message type basic support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,3/5] auditctl: add support for containerid filter |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,4/5] add ausearch containerid support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,5/5] start normalization containerid support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [REGRESSION,v4.16-rc6] mqueue: forbid unprivileged user access to internal mount |
|
|
|
2018-03-23 |
Aleksa Sarai |
|
New |
| [REVIEW,01/11] sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,02/11] shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,04/11] sem: Move struct sem and struct sem_array into ipc/sem.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,05/11] shm: Move struct shmid_kernel into ipc/shm.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,06/11] msg: Move struct msg_queue into ipc/msg.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,07/11] ipc: Move IPCMNI from include/ipc.h into ipc/util.h |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,08/11] ipc/util: Helpers for making the sysvipc operations pid namespace aware |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,09/11] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces. |
|
1 |
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,10/11] ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces |
|
1 |
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,11/11] ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [1/2] fs: Extend mount_ns with support for a fast namespace to vfsmount function |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [2/2] mqueuefs: Fix the permissions and permission checks when mounting mqueuefs |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,12/11] ipc: Directly call the security hook in ipc_ops.associate |
|
1 |
|
2018-03-24 |
Eric W. Biederman |
|
New |
| [REVIEW,13/11] ipc/smack: Tidy up from the change in type of the ipc security hooks |
|
|
|
2018-03-24 |
Eric W. Biederman |
|
New |
| [GIT,PULL] Revert "mqueue: switch to on-demand creation of internal mount" |
|
|
|
2018-03-25 |
Eric W. Biederman |
|
New |
| [RFC,v3,1/3] ima: extend clone() with IMA namespace support |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [RFC,v3,2/3] ima: Add ns_status for storing namespaced iint data |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [RFC,v3,3/3] ima: mamespace audit status flags |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [RFC] ipc: Remove IPCMNI |
|
|
|
2018-03-29 |
Eric W. Biederman |
|
New |
| [RFC,WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible |
|
|
|
2018-04-04 |
Alban Crequy |
|
New |
| [net-next,1/2,MERGED] net: add uevent socket member |
|
|
|
2018-04-05 |
Christian Brauner |
|
New |
| [net-next,2/2,MERGED] netns: send uevent messages |
|
|
|
2018-04-05 |
Christian Brauner |
|
New |
| [RFC,ghak32,V2,11/13] audit: add support for containerid to network namespaces |
|
|
|
2018-04-21 |
Paul Moore |
|
New |
| [GIT,PULL] userns bug fix for 4.17-rc3 |
2 |
|
|
2018-04-24 |
Eric W. Biederman |
|
New |
| fuse: Ensure posix acls are translated outside of init_user_ns |
1 |
|
|
2018-05-04 |
Eric W. Biederman |
|
New |
| [RFC,v4,1/5] ima: Add IMA namespace support |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,2/5] ima: Add ns_status for storing namespaced iint data |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,3/5] ima: differentiate auditing policy rules from "audit" actions |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,4/5] ima: extend IMA audit policy rules with attribute to audit namespaces |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,5/5] ima: namespace audit status flags |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino |
|
|
|
2018-05-13 |
Alban Crequy |
|
New |
| [v2,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,3/4] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,4/4] seccomp: add support for passing fds via USER_NOTIF |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino |
|
|
|
2018-05-23 |
Y Song |
|
New |
| [REVIEW,1/6] vfs: Don't allow changing the link count of an inode with an invalid uid or gid |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,2/6] vfs: Allow userns root to call mknod on owned filesystems. |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,3/6] fs: Allow superblock owner to replace invalid owners of inodes |
1 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,4/6] fs: Allow superblock owner to access do_remount_sb() |
3 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,5/6] capabilities: Allow privileged user in s_user_ns to set security.* xattrs |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,6/6] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems |
1 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,v2,3/6] fs: Allow superblock owner to replace invalid owners of inodes |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| fuse: Allow fully unprivileged mounts |
|
|
|
2018-05-29 |
Eric W. Biederman |
|
New |
| [v3,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| [v3,2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| [v3,3/4] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |