| [net-next,v3,2/8] sysfs, kobject: allow creating kobject belonging to arbitrary users |
|
|
|
2018-07-20 |
Tyler Hicks |
|
New |
| [net-next,v3,1/8] kernfs: allow creating kernfs objects with arbitrary uid/gid |
|
|
|
2018-07-20 |
Tyler Hicks |
|
New |
| [net-next,v2,7/7] bridge: make sure objects belong to container's owner |
|
|
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,6/7] net: Create reusable function for getting ownership info of sysfs inodes |
|
|
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,5/7] net-sysfs: make sure objects belong to contrainer's owner |
|
|
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,4/7] driver core: set up ownership of class devices in sysfs |
|
1 |
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,3/7] kobject: kset_create_and_add() - fetch ownership info from parent |
|
1 |
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,2/7] sysfs, kobject: allow creating kobject belonging to arbitrary users |
|
1 |
|
2018-07-13 |
Tyler Hicks |
|
New |
| [net-next,v2,1/7] kernfs: allow creating kernfs objects with arbitrary uid/gid |
|
|
|
2018-07-13 |
Tyler Hicks |
|
New |
| ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns |
|
|
|
2018-07-05 |
Tyler Hicks |
|
New |
| Revert "vfs: Allow userns root to call mknod on owned filesystems." |
|
|
|
2018-07-05 |
Christian Brauner |
|
New |
| [v4,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-06-22 |
Jann Horn via Containers |
|
New |
| [v4,4/4] seccomp: add support for passing fds via USER_NOTIF |
|
|
|
2018-06-21 |
Tycho Andersen |
|
New |
| [v4,3/4] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-06-21 |
Tycho Andersen |
|
New |
| [v4,2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE |
|
|
|
2018-06-21 |
Tycho Andersen |
|
New |
| [v4,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-06-21 |
Tycho Andersen |
|
New |
| [v2] proc: Simplify and fix proc by removing the kernel mount |
|
|
1 |
2018-06-17 |
Eric W. Biederman |
|
New |
| [CFT] proc: Simplify and fix proc by removing the kernel mount |
|
|
|
2018-06-16 |
Eric W. Biederman |
|
New |
| [v3,1/1] shiftfs: uid/gid shifting bind mount |
|
|
|
2018-06-15 |
James Bottomley |
|
New |
| shiftfs status and future development |
|
|
|
2018-06-15 |
Seth Forshee |
|
New |
| [merged] selftests: uevent filtering |
|
|
|
2018-06-09 |
Christian Brauner |
|
New |
| [net-next,2/2,merged] netns: restrict uevents] |
|
|
|
2018-06-09 |
Christian Brauner |
|
New |
| [net-next,1/2,merged] uevent: add alloc_uevent_skb() helper |
|
|
|
2018-06-09 |
Christian Brauner |
|
New |
| [ghau51/ghau40,v3,6/6] libaudit: add support to get the task audit container identifier |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v3,5/6] start normalization containerid support |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v3,4/6] add ausearch containerid support |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v3,3/6] auditctl: add support for AUDIT_CONTID filter |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v3,2/6] AUDIT_CONTAINER message type basic support |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v3,1/6] AUDIT_CONTAINER_ID message type basic support |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,10/10] rfkill: fix spelling mistake contidion to condition |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,09/10] debug audit: read container ID of a process |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,08/10] audit: NETFILTER_PKT: record each container ID associated with... |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,07/10] audit: add support for containerid to network namespaces |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,06/10] audit: add containerid filtering |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,05/10] audit: add containerid support for tty_audit |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,04/10] audit: add support for non-syscall auxiliary records |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,03/10] audit: add containerid support for ptrace and signals |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,02/10] audit: log container info of syscalls |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [RFC,ghak90,(was,ghak32),V3,01/10] audit: add container id |
|
|
|
2018-06-06 |
Richard Guy Briggs |
|
New |
| [v3,4/4] seccomp: add support for passing fds via USER_NOTIF |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| [v3,3/4] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| [v3,2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| [v3,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-05-31 |
Tycho Andersen |
|
New |
| fuse: Allow fully unprivileged mounts |
|
|
|
2018-05-29 |
Eric W. Biederman |
|
New |
| [REVIEW,v2,3/6] fs: Allow superblock owner to replace invalid owners of inodes |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,6/6] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems |
1 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,5/6] capabilities: Allow privileged user in s_user_ns to set security.* xattrs |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,4/6] fs: Allow superblock owner to access do_remount_sb() |
3 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,3/6] fs: Allow superblock owner to replace invalid owners of inodes |
1 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,2/6] vfs: Allow userns root to call mknod on owned filesystems. |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [REVIEW,1/6] vfs: Don't allow changing the link count of an inode with an invalid uid or gid |
2 |
|
|
2018-05-23 |
Eric W. Biederman |
|
New |
| [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino |
|
|
|
2018-05-23 |
Y Song |
|
New |
| [v2,4/4] seccomp: add support for passing fds via USER_NOTIF |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,3/4] seccomp: add a way to get a listener fd from ptrace |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [v2,1/4] seccomp: add a return code to trap to userspace |
|
|
|
2018-05-17 |
Tycho Andersen |
|
New |
| [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino |
|
|
|
2018-05-13 |
Alban Crequy |
|
New |
| [RFC,v4,5/5] ima: namespace audit status flags |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,4/5] ima: extend IMA audit policy rules with attribute to audit namespaces |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,3/5] ima: differentiate auditing policy rules from "audit" actions |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,2/5] ima: Add ns_status for storing namespaced iint data |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| [RFC,v4,1/5] ima: Add IMA namespace support |
|
|
|
2018-05-11 |
Stefan Berger |
|
New |
| fuse: Ensure posix acls are translated outside of init_user_ns |
1 |
|
|
2018-05-04 |
Eric W. Biederman |
|
New |
| [GIT,PULL] userns bug fix for 4.17-rc3 |
2 |
|
|
2018-04-24 |
Eric W. Biederman |
|
New |
| [RFC,ghak32,V2,11/13] audit: add support for containerid to network namespaces |
|
|
|
2018-04-21 |
Paul Moore |
|
New |
| [net-next,2/2,MERGED] netns: send uevent messages |
|
|
|
2018-04-05 |
Christian Brauner |
|
New |
| [net-next,1/2,MERGED] net: add uevent socket member |
|
|
|
2018-04-05 |
Christian Brauner |
|
New |
| [RFC,WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible |
|
|
|
2018-04-04 |
Alban Crequy |
|
New |
| [RFC] ipc: Remove IPCMNI |
|
|
|
2018-03-29 |
Eric W. Biederman |
|
New |
| [RFC,v3,3/3] ima: mamespace audit status flags |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [RFC,v3,2/3] ima: Add ns_status for storing namespaced iint data |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [RFC,v3,1/3] ima: extend clone() with IMA namespace support |
|
|
|
2018-03-27 |
Stefan Berger |
|
New |
| [GIT,PULL] Revert "mqueue: switch to on-demand creation of internal mount" |
|
|
|
2018-03-25 |
Eric W. Biederman |
|
New |
| [REVIEW,13/11] ipc/smack: Tidy up from the change in type of the ipc security hooks |
|
|
|
2018-03-24 |
Eric W. Biederman |
|
New |
| [REVIEW,12/11] ipc: Directly call the security hook in ipc_ops.associate |
|
1 |
|
2018-03-24 |
Eric W. Biederman |
|
New |
| [2/2] mqueuefs: Fix the permissions and permission checks when mounting mqueuefs |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [1/2] fs: Extend mount_ns with support for a fast namespace to vfsmount function |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,11/11] ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,10/11] ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces |
|
1 |
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,09/11] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces. |
|
1 |
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,08/11] ipc/util: Helpers for making the sysvipc operations pid namespace aware |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,07/11] ipc: Move IPCMNI from include/ipc.h into ipc/util.h |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,06/11] msg: Move struct msg_queue into ipc/msg.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,05/11] shm: Move struct shmid_kernel into ipc/shm.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,04/11] sem: Move struct sem and struct sem_array into ipc/sem.c |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,02/11] shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REVIEW,01/11] sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks |
|
|
|
2018-03-23 |
Eric W. Biederman |
|
New |
| [REGRESSION,v4.16-rc6] mqueue: forbid unprivileged user access to internal mount |
|
|
|
2018-03-23 |
Aleksa Sarai |
|
New |
| [ghau40,v2,5/5] start normalization containerid support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,4/5] add ausearch containerid support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,3/5] auditctl: add support for containerid filter |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,2/5] AUDIT_CONTAINER_INFO message type basic support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [ghau40,v2,1/5] AUDIT_CONTAINER message type basic support |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,13/13] debug audit: read container ID of a process |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,12/13] audit: NETFILTER_PKT: record each container ID associated with a netNS |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,11/13] audit: add support for containerid to network namespaces |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,10/13] audit: add containerid support for seccomp and anom_abend records |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,09/13] audit: add containerid support for config/feature/user records |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |
| [RFC,ghak32,V2,08/13] audit: add containerid support for tty_audit |
|
|
|
2018-03-16 |
Richard Guy Briggs |
|
New |