| [RFC,5/5] keys: Implement a 'container' keyring |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,4/5] keys: Split the search perms between KEY_NEED_USE and KEY_NEED_SEARCH |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,3/5] keys: Provide KEYCTL_GRANT_PERMISSION |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,2/5] keys: Replace uid/gid/perm permissions checking with an ACL |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [RFC,1/5] keys: Move permissions checking decisions into the checking code |
|
|
|
2020-07-16 |
David Howells |
|
New |
| [v7,9/9] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,8/9] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,7/9] fs: Expand __receive_fd() to accept existing fd |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,6/9] pidfd: Replace open-coded receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,5/9] fs: Add receive_fd() wrapper for __receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,4/9] fs: Move __scm_install_fd() to __receive_fd() |
1 |
1 |
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,3/9] net/scm: Regularize compat handling of scm_detach_fds() |
1 |
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,2/9] pidfd: Add missing sock updates for pidfd_getfd() |
|
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v7,1/9] net/compat: Add missing sock updates for SCM_RIGHTS |
1 |
|
|
2020-07-09 |
Kees Cook |
|
New |
| [v6,4/7] pidfd: Replace open-coded partial receive_fd() |
1 |
|
|
2020-07-07 |
Christian Brauner |
|
New |
| [v6,7/7] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,6/7] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,5/7] fs: Expand __receive_fd() to accept existing fd |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,4/7] pidfd: Replace open-coded partial receive_fd() |
|
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,3/7] fs: Add receive_fd() wrapper for __receive_fd() |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,2/7] fs: Move __scm_install_fd() to __receive_fd() |
1 |
1 |
|
2020-07-06 |
Kees Cook |
|
New |
| [v6,1/7] net/scm: Regularize compat handling of scm_detach_fds() |
1 |
|
|
2020-07-06 |
Kees Cook |
|
New |
| [v5,4/7] pidfd: Replace open-coded partial fd_install_received() |
|
|
|
2020-07-06 |
Christian Brauner |
|
New |
| [ghau51/ghau40,v9,11/11] libaudit: add support to get and set capcontid on a task |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,10/11] ausearch: convert contid to comma-sep/carrat-mod cnode/clist |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,09/11] contid: interpret correctly CONTAINER_ID contid field csv |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,08/11] add support for audit_signal_info2 |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,07/11] signal_info: only print context if it is available. |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,06/11] libaudit: add support to get the task audit container identifier |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,05/11] start normalization containerid support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,04/11] add ausearch containerid support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,03/11] auditctl: add support for AUDIT_CONTID filter |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,02/11] AUDIT_CONTAINER_ID message type basic support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghau51/ghau40,v9,01/11] AUDIT_CONTAINER_OP message type basic support |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,13/13] audit: add capcontid to set contid outside init_user_ns |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,12/13] audit: track container nesting |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,11/13] audit: contid check descendancy and nesting |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,10/13] audit: add support for containerid to network namespaces |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,09/13] audit: add containerid filtering |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,08/13] audit: add containerid support for user records |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,07/13] audit: add support for non-syscall auxiliary records |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,06/13] audit: add contid support for signalling the audit daemon |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,05/13] audit: log container info of syscalls |
3 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,04/13] audit: log drop of contid on exit of last task |
|
|
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,03/13] audit: read container ID of a process |
2 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,02/13] audit: add container id |
3 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [ghak90,V9,01/13] audit: collect audit task parameters |
1 |
1 |
|
2020-06-27 |
Richard Guy Briggs |
|
New |
| [v4,2/3] nsproxy: attach to namespaces via pidfds |
|
|
|
2020-06-24 |
Michal Koutný |
|
New |
| [v5,7/7] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,6/7] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,5/7] fs: Expand __fd_install_received() to accept fd |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,4/7] pidfd: Replace open-coded partial fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,3/7] fs: Add fd_install_received() wrapper for __fd_install_received() |
|
1 |
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,2/7] fs: Move __scm_install_fd() to __fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v5,1/7] net/scm: Regularize compat handling of scm_detach_fds() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [v4,03/11] fs: Add fd_install_received() wrapper for __fd_install_received() |
|
|
|
2020-06-17 |
Kees Cook |
|
New |
| [8/8,DEBUG] seccomp: Report bitmap coverage ranges |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [7/8] x86: Enable seccomp constant action bitmaps |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [6/8] x86: Provide API for local kernel TLB flushing |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [5/8] selftests/seccomp: Compare bitmap vs filter overhead |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [4/8] seccomp: Implement constant action bitmaps |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [2/8] seccomp: Use pr_fmt |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [1/8] selftests/seccomp: Improve calibration loop |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,11/11] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,10/11] seccomp: Switch addfd to Extensible Argument ioctl |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,09/11] selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() |
|
1 |
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,08/11] selftests/seccomp: Make kcmp() less required |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,07/11] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,06/11] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,05/11] fs: Expand __fd_install_received() to accept fd |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,04/11] pidfd: Replace open-coded partial fd_install_received() |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,03/11] fs: Add fd_install_received() wrapper for __fd_install_received() |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,02/11] fs: Move __scm_install_fd() to __fd_install_received() |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [v4,01/11] net/scm: Regularize compat handling of scm_detach_fds() |
|
|
|
2020-06-16 |
Kees Cook |
|
New |
| [RFC] seccomp: Add extensibility mechanism to read notifications |
|
|
|
2020-06-13 |
Sargun Dhillon |
|
New |
| [v3,1/4] fs, net: Standardize on file_receive helper to move fds across processes |
|
|
|
2020-06-11 |
Kees Cook |
|
New |
| [v3,4/4] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-06-03 |
Sargun Dhillon |
|
New |
| [v3,3/4] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-06-03 |
Sargun Dhillon |
|
New |
| [v3,2/4] pid: Use file_receive helper to copy FDs |
|
|
|
2020-06-03 |
Sargun Dhillon |
|
New |
| [v3,1/4] fs, net: Standardize on file_receive helper to move fds across processes |
|
|
|
2020-06-03 |
Sargun Dhillon |
|
New |
| [v3] seccomp: Add find_notification helper |
1 |
1 |
|
2020-06-01 |
Sargun Dhillon |
|
New |
| [v3,4/4] tests: test seccomp filter notifications |
|
|
|
2020-05-31 |
Christian Brauner |
|
New |
| [v3,3/4] seccomp: notify about unused filter |
|
|
|
2020-05-31 |
Christian Brauner |
|
New |
| [v3,2/4] seccomp: release filter after task is fully dead |
|
|
|
2020-05-31 |
Christian Brauner |
|
New |
| [v3,1/4] seccomp: rename "usage" to "refs" and document |
|
|
|
2020-05-31 |
Christian Brauner |
|
New |
| [v2,1/2] seccomp: notify user trap about unused filter |
|
|
|
2020-05-29 |
Christian Brauner |
|
New |
| [v2,2/2] tests: test seccomp filter notifications |
|
|
|
2020-05-28 |
Christian Brauner |
|
New |
| [v2,1/2] seccomp: notify user trap about unused filter |
|
|
|
2020-05-28 |
Christian Brauner |
|
New |
| [1/2] seccomp: notify user trap about unused filter |
|
|
|
2020-05-28 |
Christian Brauner |
|
New |
| [v2,3/3] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-05-28 |
Sargun Dhillon |
|
New |
| [v2,2/3] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
1 |
2020-05-28 |
Sargun Dhillon |
|
New |
| [v2,1/3] seccomp: Add find_notification helper |
1 |
|
|
2020-05-28 |
Sargun Dhillon |
|
New |
| [2/2] tests: test seccomp filter notifications |
|
|
|
2020-05-27 |
Christian Brauner |
|
New |
| [1/2] seccomp: notify user trap about unused filter |
|
|
|
2020-05-27 |
Christian Brauner |
|
New |
| [5/5] selftests/seccomp: Add test for addfd move semantics |
|
|
|
2020-05-24 |
Sargun Dhillon |
|
New |
| [4/5] seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl |
|
|
|
2020-05-24 |
Sargun Dhillon |
|
New |
| [3/5] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD |
|
|
|
2020-05-24 |
Sargun Dhillon |
|
New |
| [2/5] seccomp: Introduce addfd ioctl to seccomp user notifier |
|
|
|
2020-05-24 |
Sargun Dhillon |
|
New |
| [1/5] seccomp: Add find_notification helper |
|
|
|
2020-05-24 |
Sargun Dhillon |
|
New |