linux-security-module  

Messages by Date

• 2015/12/17 Re: [PATCH v1 3/7] ima: load policy using path Luis R. Rodriguez
• 2015/12/17 Re: Problems loading firmware using built-in drivers with kernels that use initramfs. Luis R. Rodriguez
• 2015/12/17 Re: [PATCH 1/4] firmware: generalize "firmware" as "system data" helpers Luis R. Rodriguez
• 2015/12/17 Re: [PATCH]: Smack: type confusion in smak sendmsg() handler Casey Schaufler
• 2015/12/17 selinux: security_bounded_transition fails Hannu Savolainen
• 2015/12/17 Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs Mimi Zohar
• 2015/12/17 [PATCH]: Smack: type confusion in smak sendmsg() handler Roman Kubiak
• 2015/12/16 Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs Dave Young
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Daniel Cashman
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Joe Nall
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Joe Nall
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/15 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/14 RE: Exposing secid to secctx mapping to user-space Roberts, William C
• 2015/12/14 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/14 RE: Exposing secid to secctx mapping to user-space Roberts, William C
• 2015/12/14 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/14 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/14 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/14 Re: Exposing secid to secctx mapping to user-space Mike Palmiotto
• 2015/12/14 Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api Tadeusz Struk
• 2015/12/14 Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Jarkko Sakkinen
• 2015/12/14 Re: [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Jarkko Sakkinen
• 2015/12/14 Re: [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Mimi Zohar
• 2015/12/14 Re: [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Mimi Zohar
• 2015/12/14 Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api Mimi Zohar
• 2015/12/13 SELinux/audit kernel repo process changes Paul Moore
• 2015/12/13 Re: Exposing secid to secctx mapping to user-space Paul Moore
• 2015/12/13 [PATCH v2 0/3] TPM 2.0 trusted key features for v4.5 Jarkko Sakkinen
• 2015/12/13 [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Jarkko Sakkinen
• 2015/12/13 [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Jarkko Sakkinen
• 2015/12/13 [PATCH v2 2/3] keys, trusted: select hash algorithm for TPM2 chips Jarkko Sakkinen
• 2015/12/12 [PATCH v2 0/2] crypto: KEYS: convert public key to akcipher api Tadeusz Struk
• 2015/12/12 [PATCH v2 2/2] integrity: convert digsig to akcipher api Tadeusz Struk
• 2015/12/12 [PATCH v2 1/2] crypto: KEYS: convert public key to the akcipher api Tadeusz Struk
• 2015/12/11 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/11 Re: Exposing secid to secctx mapping to user-space Stephen Smalley
• 2015/12/11 RE: Exposing secid to secctx mapping to user-space Roberts, William C
• 2015/12/11 Re: Exposing secid to secctx mapping to user-space Casey Schaufler
• 2015/12/11 Re: [PATCH] X.509: Fix leap year handling again and support leap seconds Rudolf Polzer
• 2015/12/11 Re: Exposing secid to secctx mapping to user-space Paul Moore
• 2015/12/11 Re: [PATCH v3] capabilities.7, prctl.2: Document ambient capabilities Michael Kerrisk (man-pages)
• 2015/12/11 Exposing secid to secctx mapping to user-space Daniel Cashman
• 2015/12/11 Re: [PATCH] X.509: Fix the time validation [ver #3] Josh Boyer
• 2015/12/11 Re: [PATCH] X.509: Fix the time validation [ver #3] David Howells
• 2015/12/10 Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api Mimi Zohar
• 2015/12/10 [RFC PATCH] VFS: Remove security module inode blob allocation overhead - unmundged Casey Schaufler
• 2015/12/10 [RFC PATCH] VFS: Remove security module inode blob allocation overhead Casey Schaufler
• 2015/12/10 Re: [PATCH v1 7/7] ima: require signed IMA policy Mimi Zohar
• 2015/12/10 Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api Mimi Zohar
• 2015/12/10 Re: [PATCH v1 7/7] ima: require signed IMA policy Petko Manolov
• 2015/12/10 Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api Tadeusz Struk
• 2015/12/10 Re: [PATCH 0/2] crypto: KEYS: convert public key to akcipher api Mimi Zohar
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Alexander Holler
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Greg Kroah-Hartman
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Alexander Holler
• 2015/12/10 Re: [PATCH 2/2] security/integrity: make ima/ima_mok.c explicitly non-modular Mimi Zohar
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Alexander Holler
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Greg Kroah-Hartman
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Alexander Holler
• 2015/12/10 Re: [PATCH 0/2] security: clarify that some code is really non-modular David Howells
• 2015/12/10 Re: [PATCH] X.509: Fix leap year handling again and support leap seconds David Howells
• 2015/12/10 Re: [PATCH] X.509: Fix leap year handling again and support leap seconds David Howells
• 2015/12/10 Re: [PATCH] X.509: Fix the time validation [ver #3] Alexander Holler
• 2015/12/09 [PATCH 1/2] crypto: KEYS: convert public key to the akcipher api Tadeusz Struk
• 2015/12/09 [PATCH 2/2] integrity: convert digsig to akcipher api Tadeusz Struk
• 2015/12/09 [PATCH 0/2] crypto: KEYS: convert public key to akcipher api Tadeusz Struk
• 2015/12/09 [PATCH 2/2] security/integrity: make ima/ima_mok.c explicitly non-modular Paul Gortmaker
• 2015/12/09 [PATCH 1/2] security/keys: make big_key.c explicitly non-modular Paul Gortmaker
• 2015/12/09 [PATCH 0/2] security: clarify that some code is really non-modular Paul Gortmaker
• 2015/12/09 Re: [PATCH 2/2] keys, trusted: seal with a policy Mimi Zohar
• 2015/12/09 Re: [PATCH 2/2] keys, trusted: seal with a policy Jarkko Sakkinen
• 2015/12/08 Update robert
• 2015/12/08 Re: [PATCH 2/2] keys, trusted: seal with a policy Mimi Zohar
• 2015/12/08 Re: [PATCH 2/2] keys, trusted: seal with a policy Jarkko Sakkinen
• 2015/12/08 Re: [PATCH v1 1/7] ima: update appraise flags after policy update completes Mimi Zohar
• 2015/12/08 Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs Mimi Zohar
• 2015/12/08 Re: [PATCH v1 1/7] ima: update appraise flags after policy update completes Petko Manolov
• 2015/12/08 Re: [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs Vivek Goyal
• 2015/12/08 [PATCH v1 7/7] ima: require signed IMA policy Mimi Zohar
• 2015/12/08 [PATCH v1 6/7] ima: measure and appraise the IMA policy itself Mimi Zohar
• 2015/12/08 [PATCH v1 5/7] ima: measure and appraise firmware (improvement) Mimi Zohar
• 2015/12/08 [PATCH v1 4/7] ima: measure and appraise kexec image and initramfs Mimi Zohar
• 2015/12/08 [PATCH v1 2/7] ima: separate 'security.ima' reading functionality from collect Mimi Zohar
• 2015/12/08 [PATCH v1 1/7] ima: update appraise flags after policy update completes Mimi Zohar
• 2015/12/08 [PATCH v1 0/7] ima: measuring/appraising files read by the kernel Mimi Zohar
• 2015/12/08 [PATCH v1 3/7] ima: load policy using path Mimi Zohar
• 2015/12/08 Re: [PATCH 2/2] keys, trusted: seal with a policy Jarkko Sakkinen
• 2015/12/07 Re: [PATCH 2/2] keys, trusted: seal with a policy James Morris
• 2015/12/07 [PATCH] Smack: File receive for sockets Casey Schaufler
• 2015/12/07 Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks Casey Schaufler
• 2015/12/07 [PATCH v2 02/18] block_dev: Check permissions towards block device inode when mounting Seth Forshee
• 2015/12/07 [PATCH v2 00/19] Support fuse mounts in user namespaces Seth Forshee
• 2015/12/07 [PATCH v2 01/18] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
• 2015/12/07 [PATCH v2 03/18] fs: Treat foreign mounts as nosuid Seth Forshee
• 2015/12/07 [PATCH v2 04/18] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
• 2015/12/07 [PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts Seth Forshee
• 2015/12/07 [PATCH v2 05/18] userns: Replace in_userns with current_in_userns Seth Forshee
• 2015/12/07 [PATCH v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
• 2015/12/07 [PATCH v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
• 2015/12/07 [PATCH v2 07/18] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
• 2015/12/07 [PATCH v2 10/18] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
• 2015/12/07 [PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
• 2015/12/07 Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks Kees Cook
• 2015/12/07 [PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
• 2015/12/07 [PATCH v2 15/18] fuse: Add support for pid namespaces Seth Forshee
• 2015/12/07 Re: [PATCH 2/2] ptrace: use fsuid, fsgid, effective creds for fs access checks Kees Cook
• 2015/12/07 [PATCH v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Seth Forshee
• 2015/12/07 [PATCH v2 18/18] fuse: Allow user namespace mounts Seth Forshee
• 2015/12/07 [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks Jann Horn
• 2015/12/07 [PATCH v2 16/18] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
• 2015/12/07 [PATCH 2/2] ptrace: use fsuid, fsgid, effective creds for fs access checks Jann Horn
• 2015/12/07 [PATCH v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
• 2015/12/07 Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks Jann Horn
• 2015/12/07 [PATCH v2 13/18] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
• 2015/12/07 Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks Jann Horn
• 2015/12/07 Re: [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks Kees Cook
• 2015/12/07 Re: [PATCH 2/2] keys, trusted: seal with a policy Jarkko Sakkinen
• 2015/12/05 [PATCH] ptrace: use fsuid, fsgid, effective creds for fs access checks Jann Horn
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Andreas Dilger
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Theodore Ts'o
• 2015/12/04 Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Serge E. Hallyn
• 2015/12/04 Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Serge E. Hallyn
• 2015/12/04 Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
• 2015/12/04 Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
• 2015/12/04 Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
• 2015/12/04 Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
• 2015/12/04 Re: [PATCH RFC] Introduce new security.nscapability xattr Serge E. Hallyn
• 2015/12/04 [PATCH v1 1/1] selinux: use absolute path to include directory Andy Shevchenko
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Serge E. Hallyn
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Theodore Ts'o
• 2015/12/04 Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Serge E. Hallyn
• 2015/12/04 Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Serge E. Hallyn
• 2015/12/04 Re: [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Serge E. Hallyn
• 2015/12/04 Re: [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Serge E. Hallyn
• 2015/12/04 Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
• 2015/12/04 Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 05/19] userns: Replace in_userns with current_in_userns Serge E. Hallyn
• 2015/12/04 Re: [PATCH 03/19] fs: Treat foreign mounts as nosuid Serge E. Hallyn
• 2015/12/04 Re: [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Serge E. Hallyn
• 2015/12/04 Re: [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Serge E. Hallyn
• 2015/12/04 Re: [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Serge E. Hallyn
• 2015/12/04 Re: [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Serge E. Hallyn
• 2015/12/04 Re: [PATCH v3] capabilities.7, prctl.2: Document ambient capabilities Andy Lutomirski
• 2015/12/04 Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
• 2015/12/04 Re: [PATCH v3] capabilities.7, prctl.2: Document ambient capabilities Michael Kerrisk (man-pages)
• 2015/12/04 Re: [patch] Smack: harmless underflow in smk_set_cipso() Dan Carpenter
• 2015/12/03 Re: [patch] Smack: harmless underflow in smk_set_cipso() Casey Schaufler
• 2015/12/02 Re: [RFC] KEYS: Exposing {a,}symmetric key ops to userspace and other bits Mimi Zohar
• 2015/12/02 Re: [PATCH v6 0/3] IMA policy read/write and new IMA keyrings; Mimi Zohar
• 2015/12/02 [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
• 2015/12/02 [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
• 2015/12/02 [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
• 2015/12/02 [PATCH v6 3/3] Allows reading back the current IMA policy. Petko Manolov
• 2015/12/02 [PATCH v6 1/3] IMA policy can now be updated multiple times. Petko Manolov
• 2015/12/02 [PATCH v6 2/3] Create IMA machine owner and blacklist keyrings; Petko Manolov
• 2015/12/02 [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
• 2015/12/02 [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
• 2015/12/02 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
• 2015/12/02 [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
• 2015/12/02 [PATCH v6 0/3] IMA policy read/write and new IMA keyrings; Petko Manolov
• 2015/12/02 [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
• 2015/12/02 [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
• 2015/12/02 [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
• 2015/12/02 [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
• 2015/12/02 [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
• 2015/12/02 [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
• 2015/12/02 [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
• 2015/12/02 [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
• 2015/12/02 [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
• 2015/12/02 [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
• 2015/12/02 [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee
• 2015/12/02 [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
• 2015/12/02 [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
• 2015/12/01 Re: keyring timestamps Mark D. Baushke
• 2015/12/01 Re: keyring timestamps Petko Manolov
• 2015/12/01 Re: keyring timestamps David Howells
• 2015/12/01 Re: keyring timestamps Mimi Zohar
• 2015/12/01 keyring timestamps Petko Manolov
• 2015/12/01 Re: [PATCH 1/2] KEYS: Reserve an extra certificate symbol for inserting without recompiling Mehmet Kayaalp
• 2015/12/01 Re: [PATCH] X.509: Fix leap year handling again and support leap seconds David Howells
• 2015/12/01 Re: [PATCH] X.509: Fix leap year handling again and support leap seconds Rudolf Polzer
• 2015/12/01 [PATCH] X.509: Fix leap year handling again and support leap seconds David Howells
• 2015/11/30 Re: [PATCH RFC] Introduce new security.nscapability xattr Serge E. Hallyn
• 2015/11/30 Re: [PATCH RFC] Introduce new security.nscapability xattr Eric W. Biederman
• 2015/11/30 [PATCH RFC] Introduce new security.nscapability xattr Serge E. Hallyn
• 2015/11/30 Re: [PATCH] evm: EVM_LOAD_X509 depends on EVM Mimi Zohar
• 2015/11/30 Re: [GIT PULL] security: KEYS: Fix handling of stored error in a negatively instantiated user key Josh Boyer
• 2015/11/27 [PATCH] evm: EVM_LOAD_X509 depends on EVM Arnd Bergmann

• Earlier messages
• Later messages