2019-03-19 |
Stephen Smalley | scripts/selinux: fix build Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2019-03-18 |
Stephen Smalley | scripts/selinux: modernize mdp Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2019-02-05 |
Stephen Smalley | selinux: fix avc audit messages Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2019-01-11 |
Stephen Smalley | selinux: stop passing MAY_NOT_BLOCK to the AVC upon... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2019-01-11 |
Stephen Smalley | selinux: avoid silent denials in permissive mode under... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2019-01-11 |
Stephen Smalley | selinux: fix GPF on invalid policy Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-09-04 |
Stephen Smalley | selinux: fix mounting of cgroup2 under older policies Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-04-09 |
Stephen Smalley | selinux: fix missing dput() before selinuxfs unmount Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-03-20 |
Stephen Smalley | selinux: wrap AVC state Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-03-20 |
Stephen Smalley | selinux: wrap selinuxfs state Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-03-20 |
Stephen Smalley | selinux: fix handling of uninitialized selinux state... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-03-06 |
Stephen Smalley | usb, signal, security: only pass the cred, not the... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2018-03-01 |
Stephen Smalley | selinux: wrap global selinux state Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-08-17 |
Stephen Smalley | lsm_audit: update my email address Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-08-17 |
Stephen Smalley | selinux: update my email address Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-08-02 |
Stephen Smalley | selinux: Generalize support for NNP/nosuid SELinux... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-07-31 |
Stephen Smalley | selinux: genheaders should fail if too many permissions... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-05-23 |
Stephen Smalley | selinux: log policy capability state when a policy... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-05-23 |
Stephen Smalley | selinux: do not check open permission on sockets Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-05-23 |
Stephen Smalley | selinux: add a map permission check for mmap Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-05-23 |
Stephen Smalley | selinux: only invoke capabilities and selinux for CAP_MAC_AD... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-03-29 |
Stephen Smalley | fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-03-05 |
Stephen Smalley | selinux: fix kernel BUG on prlimit(..., NULL, NULL) Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-03-05 |
Stephen Smalley | prlimit,security,selinux: add a security hook for prlimit Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-03-01 |
Stephen Smalley | selinux: wrap cgroup seclabel support with its own... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-03-01 |
Stephen Smalley | timerfd: Only check CAP_WAKE_ALARM when it is needed Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-02-08 |
Stephen Smalley | selinux: fix off-by-one in setprocattr Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-02-07 |
Stephen Smalley | selinux: fix off-by-one in setprocattr Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-12 |
Stephen Smalley | security,selinux,smack: kill security_task_wait hook Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-12 |
Stephen Smalley | selinux: drop unused socket security classes Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-09 |
Stephen Smalley | proc,security: move restriction on writing /proc/pid... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-09 |
Stephen Smalley | selinux: clean up cred usage and simplify Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-09 |
Stephen Smalley | selinux: allow context mounts on tmpfs, ramfs, devpts... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-09 |
Stephen Smalley | selinux: handle ICMPv6 consistently with ICMP Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2017-01-09 |
Stephen Smalley | selinux: support distinctions among all network address... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2016-11-21 |
Stephen Smalley | selinux: keep SELinux in sync with new capability definitions Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2016-11-20 |
Stephen Smalley | selinux: normalize input to /sys/fs/selinux/enforce Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2016-05-31 |
Stephen Smalley | selinux: Only apply bounds checking to source types Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2016-04-26 |
Stephen Smalley | selinux: apply execstack check on thread stacks Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2016-04-26 |
Stephen Smalley | selinux: distinguish non-init user namespace capability... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-11-24 |
Stephen Smalley | selinux: fix bug in conditional rules handling Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-10-29 |
Stephen Smalley | lkdtm: fix ACCESS_USERSPACE test Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-10-06 |
Stephen Smalley | x86/mm: Warn on W^X mappings Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-10-02 |
Stephen Smalley | x86/mm: Set NX on gap between __ex_table and rodata Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-08-07 |
Stephen Smalley | ipc: use private shmem or hugetlbfs inodes for shm... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-07-13 |
Stephen Smalley | selinux: Augment BUG_ON assertion for secclass_map. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-07-13 |
Stephen Smalley | selinux: initialize sock security class to default... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-07-10 |
Stephen Smalley | selinux: fix mprotect PROT_EXEC regression caused by... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-07-08 |
Stephen Smalley | net/tipc: initialize security state for new connection... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-06-11 |
Stephen Smalley | net/unix: support SCM_SECURITY for stream sockets Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-06-04 |
Stephen Smalley | selinux: Remove unused permission definitions Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-06-04 |
Stephen Smalley | selinux: enable genfscon labeling for sysfs and pstore... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-06-04 |
Stephen Smalley | selinux: enable per-file labeling for debugfs files. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-06-04 |
Stephen Smalley | selinux: update netlink socket classes Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-04-07 |
Stephen Smalley | selinux: increase avtab max buckets Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-04-07 |
Stephen Smalley | selinux: convert avtab hash table to flex_array Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-02-28 |
Stephen Smalley | security/yama: Remove unnecessary selects from Kconfig. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2015-01-25 |
Stephen Smalley | Add security hooks to binder and implement the hooks... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2014-10-15 |
Stephen Smalley | selinux: fix inode security list corruption Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2014-08-28 |
Stephen Smalley | selinux: Permit bounded transitions under NO_NEW_PRIVS... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2014-06-03 |
Stephen Smalley | selinux: Report permissive mode in avc: denied messages. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2014-05-01 |
Stephen Smalley | selinux: Report permissive mode in avc: denied messages. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2014-02-05 |
Stephen Smalley | SELinux: Fix kernel BUG on empty security contexts. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2013-07-25 |
Stephen Smalley | SELinux: Enable setting security contexts on rootfs... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2011-04-07 |
Stephen Smalley | selinux: Fix regression for Xorg Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2011-03-28 |
Stephen Smalley | selinux: Fix regression for Xorg Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2010-04-28 |
Stephen Smalley | selinux: generalize disabling of execmem for plt-in... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2010-04-14 |
Stephen Smalley | SELinux: Reduce max avtab size to avoid page allocation...
|
commit | commitdiff | tree |
2010-03-15 |
Stephen Smalley | SELinux: Reduce max avtab size to avoid page allocation...
|
commit | commitdiff | tree |
2010-02-02 |
Stephen Smalley | selinux: Only audit permissions specified in policy
|
commit | commitdiff | tree |
2010-01-24 |
Stephen Smalley | selinux: convert range transition list to a hashtab
|
commit | commitdiff | tree |
2010-01-17 |
Stephen Smalley | selinux: change the handling of unknown classes
|
commit | commitdiff | tree |
2009-10-20 |
Stephen Smalley | SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
|
commit | commitdiff | tree |
2009-10-07 |
Stephen Smalley | selinux: drop remapping of netlink classes Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2009-10-07 |
Stephen Smalley | selinux: generate flask headers during kernel build Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2009-10-07 |
Stephen Smalley | selinux: dynamic class/perm discovery Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2009-06-22 |
Stephen Smalley | selinux: restore optimization to selinux_file_permission Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2009-05-19 |
Stephen Smalley | selinux: remove obsolete read buffer limit from sel_read_bool Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2009-05-04 |
Stephen Smalley | selinux: Fix send_sigiotask hook Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-12-19 |
Stephen Smalley | SELinux: correctly detect proc filesystems of the form...
|
commit | commitdiff | tree |
2008-09-29 |
Stephen Smalley | selinux: use default proc sid on symlinks
|
commit | commitdiff | tree |
2008-09-11 |
Stephen Smalley | Update selinux info in MAINTAINERS and Kconfig help... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-08-01 |
Stephen Smalley | Re: BUG at security/selinux/avc.c:883 (was: Re: linux... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | selinux: change handling of invalid classes (Was: Re... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | selinux: fix endianness bug in network node address... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | selinux: simplify ioctl checking Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | SELinux: enable processes with mac_admin to get the... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | Security: split proc ptrace checking into read vs.... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | SELinux: fix sleeping allocation in security_context_to_sid Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-07-14 |
Stephen Smalley | selinux: support deferred mapping of contexts Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-04-07 |
Stephen Smalley | SELinux: more GFP_NOFS fixups to prevent selinux from... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-04-02 |
Stephen Smalley | selinux: handle files opened with flags 3 by checking... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-02-11 |
Stephen Smalley | selinux: support 64-bit capabilities Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2008-01-26 |
Stephen Smalley | selinux: fix labeling of /proc/net inodes Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-12-05 |
Stephen Smalley | SELinux: detect dead booleans Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-12-05 |
Stephen Smalley | SELinux: do not clear f_op when removing entries Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-11-07 |
Stephen Smalley | SELinux: add more validity checks on policy load Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-08-31 |
Stephen Smalley | SELinux: clear parent death signal on SID transitions Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-07-12 |
Stephen Smalley | SELinux: allow preemption between transition permission... Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
2007-04-26 |
Stephen Smalley | selinux: preserve boolean values across policy reloads Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
commit | commitdiff | tree |
next |