| [RFC,30/30] ima: Set ML template per ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,29/30] ima: Add dummy boot aggregate to per ima namespace measurement list |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,28/30] ima: Load per ima namespace x509 certificate |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,27/30] integrity: Add key domain tag to the search criteria |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,26/30] ima: Add key domain to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,25/30] keys: Allow to set key domain tag separately from the key type |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,24/30] keys: Include key domain tag in the iterative search |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,23/30] keys: Add domain tag to the keyring search criteria |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,22/30] ima: Remap IDs of subject based rules if necessary |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,21/30] user namespace: Add function that checks if the UID map is defined |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,20/30] ima: Parse per ima namespace policy file |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,19/30] ima: Configure the new ima namespace from securityfs |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,18/30] ima: Change the owning user namespace of the ima namespace if necessary |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,17/30] ima: Add the violation counter to the namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,16/30] ima: Extend permissions to the ima securityfs entries |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,15/30] ima: Add a reader counter to the integrity inode data |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,14/30] ima: Add per namespace view of the measurement list |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,13/30] ima: Add a new ima template that includes namespace ID |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,12/30] ima: Check ima namespace ID during digest entry lookup |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,11/30] ima: Keep track of the measurment list per ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,10/30] ima: Add ima namespace ID to the ima ML related structures |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,09/30] ima: Enable per ima namespace policy settings |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,08/30] ima: Add integrity inode related data to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,07/30] ima: Extend the APIs in the integrity subsystem |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,06/30] ima: Add ima namespace to the ima subsystem APIs |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,05/30] ima: Add methods for parsing ima policy configuration string |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,04/30] ima: Add ima policy related data to the ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,03/30] ima: Bind ima namespace to the file descriptor |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,02/30] ima: Add a list of the installed ima namespaces |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,01/30] ima: Introduce ima namespace |
|
|
|
2020-08-18 |
krzysztof.struczynski@huawei.com |
|
New |
| [RFC,5/5] keys: Implement a 'container' keyring |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,4/5] keys: Split the search perms between KEY_NEED_USE and KEY_NEED_SEARCH |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,3/5] keys: Provide KEYCTL_GRANT_PERMISSION |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,2/5] keys: Replace uid/gid/perm permissions checking with an ACL |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,1/5] keys: Move permissions checking decisions into the checking code |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [v7,9/9] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,8/9] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,7/9] fs: Expand __receive_fd() to accept existing fd |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,6/9] pidfd: Replace open-coded receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,5/9] fs: Add receive_fd() wrapper for __receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,4/9] fs: Move __scm_install_fd() to __receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,3/9] net/scm: Regularize compat handling of scm_detach_fds() |
1 |
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,2/9] pidfd: Add missing sock updates for pidfd_getfd() |
|
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,1/9] net/compat: Add missing sock updates for SCM_RIGHTS |
1 |
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v6,4/7] pidfd: Replace open-coded partial receive_fd() |
1 |
|
|
2020-07-07 |
Christian Brauner |
|
New |
| [v6,7/7] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,6/7] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,5/7] fs: Expand __receive_fd() to accept existing fd |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,4/7] pidfd: Replace open-coded partial receive_fd() |
|
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,3/7] fs: Add receive_fd() wrapper for __receive_fd() |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,2/7] fs: Move __scm_install_fd() to __receive_fd() |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,1/7] net/scm: Regularize compat handling of scm_detach_fds() |
1 |
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v5,4/7] pidfd: Replace open-coded partial fd_install_received() |
|
|
|
2020-07-06 |
Christian Brauner |
|
New |
| [ghau51/ghau40,v9,11/11] libaudit: add support to get and set capcontid on a task |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,10/11] ausearch: convert contid to comma-sep/carrat-mod cnode/clist |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,09/11] contid: interpret correctly CONTAINER_ID contid field csv |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,08/11] add support for audit_signal_info2 |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,07/11] signal_info: only print context if it is available. |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,06/11] libaudit: add support to get the task audit container identifier |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,05/11] start normalization containerid support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,04/11] add ausearch containerid support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,03/11] auditctl: add support for AUDIT_CONTID filter |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,02/11] AUDIT_CONTAINER_ID message type basic support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,01/11] AUDIT_CONTAINER_OP message type basic support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,13/13] audit: add capcontid to set contid outside init_user_ns |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,12/13] audit: track container nesting |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,11/13] audit: contid check descendancy and nesting |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,10/13] audit: add support for containerid to network namespaces |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,09/13] audit: add containerid filtering |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,08/13] audit: add containerid support for user records |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,07/13] audit: add support for non-syscall auxiliary records |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,06/13] audit: add contid support for signalling the audit daemon |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,05/13] audit: log container info of syscalls |
3 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,04/13] audit: log drop of contid on exit of last task |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,03/13] audit: read container ID of a process |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,02/13] audit: add container id |
3 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,01/13] audit: collect audit task parameters |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [v4,2/3] nsproxy: attach to namespaces via pidfds |
|
|
|
2020-06-24 |
Michal Koutný |
|
New |
| [v5,7/7] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,6/7] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,5/7] fs: Expand __fd_install_received() to accept fd |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,4/7] pidfd: Replace open-coded partial fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,3/7] fs: Add fd_install_received() wrapper for __fd_install_received() |
|
1 |
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,2/7] fs: Move __scm_install_fd() to __fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,1/7] net/scm: Regularize compat handling of scm_detach_fds() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v4,03/11] fs: Add fd_install_received() wrapper for __fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [8/8,DEBUG] seccomp: Report bitmap coverage ranges |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [7/8] x86: Enable seccomp constant action bitmaps |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [6/8] x86: Provide API for local kernel TLB flushing |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [5/8] selftests/seccomp: Compare bitmap vs filter overhead |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [4/8] seccomp: Implement constant action bitmaps |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [2/8] seccomp: Use pr_fmt |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [1/8] selftests/seccomp: Improve calibration loop |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,11/11] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,10/11] seccomp: Switch addfd to Extensible Argument ioctl |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,09/11] selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() |
|
1 |
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,08/11] selftests/seccomp: Make kcmp() less required |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,07/11] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,06/11] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-06-16 |
Kees Cook |
|
New |