| [RFC,30/30] ima: Set ML template per ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,29/30] ima: Add dummy boot aggregate to per ima namespace measurement list |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,28/30] ima: Load per ima namespace x509 certificate |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,27/30] integrity: Add key domain tag to the search criteria |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,26/30] ima: Add key domain to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,25/30] keys: Allow to set key domain tag separately from the key type |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,24/30] keys: Include key domain tag in the iterative search |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,23/30] keys: Add domain tag to the keyring search criteria |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,22/30] ima: Remap IDs of subject based rules if necessary |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,21/30] user namespace: Add function that checks if the UID map is defined |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,20/30] ima: Parse per ima namespace policy file |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,19/30] ima: Configure the new ima namespace from securityfs |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,18/30] ima: Change the owning user namespace of the ima namespace if necessary |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,17/30] ima: Add the violation counter to the namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,16/30] ima: Extend permissions to the ima securityfs entries |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,15/30] ima: Add a reader counter to the integrity inode data |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,14/30] ima: Add per namespace view of the measurement list |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,13/30] ima: Add a new ima template that includes namespace ID |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,12/30] ima: Check ima namespace ID during digest entry lookup |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,11/30] ima: Keep track of the measurment list per ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,10/30] ima: Add ima namespace ID to the ima ML related structures |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,09/30] ima: Enable per ima namespace policy settings |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,08/30] ima: Add integrity inode related data to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,07/30] ima: Extend the APIs in the integrity subsystem |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,06/30] ima: Add ima namespace to the ima subsystem APIs |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,05/30] ima: Add methods for parsing ima policy configuration string |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,04/30] ima: Add ima policy related data to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,03/30] ima: Bind ima namespace to the file descriptor |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,02/30] ima: Add a list of the installed ima namespaces |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,01/30] ima: Introduce ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,0/1] mount: universally disallow mounting over symlinks |
|
|
|
2020-01-13 |
Al Viro |
|
New |
| [RFC,0/1] mount: universally disallow mounting over symlinks |
|
|
|
2020-01-10 |
Al Viro |
|
New |
| [RFC,0/1] mount: universally disallow mounting over symlinks |
|
|
1 |
2020-01-01 |
Al Viro |
|
New |
| [RFC,0/1] mount: universally disallow mounting over symlinks |
|
|
|
2020-01-01 |
Al Viro |
|
New |
| [v15,3/9] namei: LOOKUP_NO_XDEV: block mountpoint crossing |
|
|
|
2019-11-13 |
Al Viro |
|
New |
| [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino |
|
|
|
2018-05-13 |
Alban Crequy |
|
New |
| [RFC,WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible |
|
|
|
2018-04-04 |
Alban Crequy |
|
New |
| [RFC,v2,2/2] proc connector: add a "get feature" op |
|
|
|
2016-10-15 |
Alban Crequy |
|
New |
| [RFC,v2,1/2] proc connector: add namespace events |
|
|
|
2016-10-15 |
Alban Crequy |
|
New |
| [v3,2/2] selftests: add openat2(2) selftests |
|
|
|
2020-01-18 |
Aleksa Sarai |
|
New |
| [v3,1/2] open: introduce openat2(2) syscall |
|
|
|
2020-01-18 |
Aleksa Sarai |
|
New |
| [RFC,1/1] mount: universally disallow mounting over symlinks |
|
|
|
2019-12-30 |
Aleksa Sarai |
|
New |
| [v2,2/2] uapi: split openat2(2) definitions from fcntl.h |
|
|
|
2019-12-20 |
Aleksa Sarai |
|
New |
| [v2,1/2] openat2: drop open_how->__padding field |
1 |
|
|
2019-12-20 |
Aleksa Sarai |
|
New |
| [2/2] openat2: drop open_how->__padding field |
|
|
|
2019-12-19 |
Aleksa Sarai |
|
New |
| [1/2] uapi: split openat2(2) definitions from fcntl.h |
|
|
|
2019-12-19 |
Aleksa Sarai |
|
New |
| [2/2] openat2: drop open_how->__padding field |
1 |
|
|
2019-12-19 |
Aleksa Sarai |
|
New |
| [1/2] uapi: split openat2(2) definitions from fcntl.h |
|
|
|
2019-12-19 |
Aleksa Sarai |
|
New |
| openat2: switch to __attribute__((packed)) for open_how |
|
|
|
2019-12-15 |
Aleksa Sarai |
|
New |
| openat2: switch to __attribute__((packed)) for open_how |
|
|
|
2019-12-13 |
Aleksa Sarai |
|
New |
| [v18,13/13] Documentation: path-lookup: include new LOOKUP flags |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,12/13] selftests: add openat2(2) selftests |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,11/13] open: introduce openat2(2) syscall |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,10/13] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,09/13] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,08/13] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,07/13] namei: LOOKUP_NO_XDEV: block mountpoint crossing |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,06/13] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,05/13] namei: LOOKUP_NO_SYMLINKS: block symlink resolution |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,04/13] namei: allow set_root() to produce errors |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,03/13] namei: allow nd_jump_link() to produce errors |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,02/13] nsfs: clean-up ns_get_path() signature to return int |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v18,01/13] namei: only return -ECHILD from follow_dotdot_rcu() |
|
|
|
2019-12-06 |
Aleksa Sarai |
|
New |
| [v15,9/9] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,8/9] selftests: add openat2(2) selftests |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,7/9] open: introduce openat2(2) syscall |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,6/9] namei: LOOKUP_{IN_ROOT, BENEATH}: permit limited ".." resolution |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,5/9] namei: LOOKUP_IN_ROOT: chroot-like scoped resolution |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,4/9] namei: LOOKUP_BENEATH: O_BENEATH-like scoped resolution |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,3/9] namei: LOOKUP_NO_XDEV: block mountpoint crossing |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,2/9] namei: LOOKUP_NO_MAGICLINKS: block magic-link resolution |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [v15,1/9] namei: LOOKUP_NO_SYMLINKS: block symlink resolution |
|
|
|
2019-11-05 |
Aleksa Sarai |
|
New |
| [RESEND,v14,6/6] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [RESEND,v14,5/6] selftests: add openat2(2) selftests |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [RESEND,v14,4/6] open: introduce openat2(2) syscall |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [RESEND,v14,3/6] namei: permit ".." resolution with LOOKUP_{IN_ROOT, BENEATH} |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [RESEND,v14,2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [RESEND,v14,1/6] namei: O_BENEATH-style resolution restriction flags |
|
|
|
2019-10-26 |
Aleksa Sarai |
|
New |
| [v14,6/6] Documentation: path-lookup: mention LOOKUP_MAGICLINK_JUMPED |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v14,5/6] selftests: add openat2(2) selftests |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v14,4/6] open: introduce openat2(2) syscall |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v14,3/6] namei: permit ".." resolution with LOOKUP_{IN_ROOT, BENEATH} |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v14,2/6] namei: LOOKUP_IN_ROOT: chroot-like path resolution |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v14,1/6] namei: O_BENEATH-style resolution restriction flags |
|
|
|
2019-10-10 |
Aleksa Sarai |
|
New |
| [v13,9/9] Documentation: update path-lookup to mention trailing magic-links |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,8/9] selftests: add openat2(2) selftests |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,7/9] open: openat2(2) syscall |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,6/9] namei: permit ".." resolution with LOOKUP_{IN_ROOT, BENEATH} |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,5/9] namei: LOOKUP_IN_ROOT: chroot-like path resolution |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,4/9] namei: O_BENEATH-style path resolution flags |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,3/9] open: O_EMPTYPATH: procfs-less file descriptor re-opening |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,2/9] procfs: switch magic-link modes to be more sane |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v13,1/9] namei: obey trailing magic-link DAC permissions |
|
|
|
2019-09-30 |
Aleksa Sarai |
|
New |
| [v12,12/12] selftests: add openat2(2) selftests |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,11/12] open: openat2(2) syscall |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,10/12] namei: aggressively check for nd->root escape on ".." resolution |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,09/12] namei: LOOKUP_IN_ROOT: chroot-like path resolution |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,08/12] namei: O_BENEATH-style path resolution flags |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,07/12] open: O_EMPTYPATH: procfs-less file descriptor re-opening |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |
| [v12,06/12] procfs: switch magic-link modes to be more sane |
|
|
|
2019-09-04 |
Aleksa Sarai |
|
New |