[PATCH 0/3] landlock: Restrict renameat2 with RENAME_WHITEOUT
2026-04-11 9:09 UTC (4+ messages)
` [PATCH 1/3] landlock: Require LANDLOCK_ACCESS_FS_MAKE_CHAR for RENAME_WHITEOUT
` [PATCH 2/3] selftests/landlock: Add test for RENAME_WHITEOUT denial
` [PATCH 3/3] selftests/landlock: Test OverlayFS renames w/o LANDLOCK_ACCESS_FS_MAKE_CHAR
LSM: Whiteout chardev creation sidesteps mknod hook
2026-04-11 8:36 UTC (7+ messages)
[PATCH] security: remove BUG_ON in security_skb_classify_flow
2026-04-10 23:34 UTC (4+ messages)
[GIT PULL] lsm/lsm-pr-20260410
2026-04-10 23:28 UTC (2+ messages)
[GIT PULL] selinux/selinux-pr-20260410
2026-04-10 23:26 UTC
[PATCH v3] KEYS: trusted: Debugging as a feature
2026-04-10 17:33 UTC (2+ messages)
[PATCH 04/61] ext4: Prefer IS_ERR_OR_NULL over manual NULL check
2026-04-10 15:18 UTC (2+ messages)
[RFC PATCH 00/20] BPF interface for applying Landlock rulesets
2026-04-10 12:43 UTC (27+ messages)
` [RFC PATCH 01/20] landlock: Move operations from syscall into ruleset code
` [RFC PATCH 02/20] execve: Add set_nnp_on_point_of_no_return
` [RFC PATCH 03/20] landlock: Implement LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS
` [RFC PATCH 04/20] selftests/landlock: Cover LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS
` [RFC PATCH 05/20] landlock: Make ruleset deferred free RCU safe
` [RFC PATCH 06/20] bpf: lsm: Add Landlock kfuncs
` [RFC PATCH 07/20] bpf: arraymap: Implement Landlock ruleset map
` [RFC PATCH 08/20] bpf: Add Landlock ruleset map type
` [RFC PATCH 09/20] bpf: syscall: Handle Landlock ruleset maps
` [RFC PATCH 10/20] bpf: verifier: Add Landlock ruleset map support
` [RFC PATCH 11/20] selftests/bpf: Add Landlock kfunc declarations
` [RFC PATCH 12/20] selftests/landlock: Rename gettid wrapper for BPF reuse
` [RFC PATCH 13/20] selftests/bpf: Enable Landlock in selftests kernel
` [RFC PATCH 14/20] selftests/bpf: Add Landlock kfunc test program
` [RFC PATCH 15/20] selftests/bpf: Add Landlock kfunc test runner
` [RFC PATCH 16/20] landlock: Bump ABI version
` [RFC PATCH 17/20] tools: bpftool: Add documentation for landlock_ruleset
` [RFC PATCH 18/20] landlock: Document LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS
` [RFC PATCH 19/20] bpf: Document BPF_MAP_TYPE_LANDLOCK_RULESET
` [RFC PATCH 20/20] MAINTAINERS: update entry for the Landlock subsystem
[bug report] apparmor: add support loading per permission tagging
2026-04-10 10:16 UTC
[RFC PATCH v1 00/11] Landlock: Namespace and capability control
2026-04-10 9:35 UTC (14+ messages)
` [RFC PATCH v1 01/11] security: add LSM blob and hooks for namespaces
` [RFC PATCH v1 02/11] security: Add LSM_AUDIT_DATA_NS for namespace audit records
` [RFC PATCH v1 04/11] landlock: Wrap per-layer access masks in struct layer_rights
` [RFC PATCH v1 05/11] landlock: Enforce namespace entry restrictions
[PATCH v2 0/4] Firmware LSM hook
2026-04-09 21:04 UTC (3+ messages)
[PATCH 00/61] treewide: Use IS_ERR_OR_NULL over manual NULL check - refactor
2026-04-09 18:16 UTC (2+ messages)
[GIT PULL] Landlock update for v7.1-rc1
2026-04-09 17:31 UTC
[PATCH v4 0/3] Fix incorrect overlayfs mmap() and mprotect() LSM access controls
2026-04-09 13:32 UTC (15+ messages)
` [PATCH v4 1/3] fs: prepare for adding LSM blob to backing_file
` [PATCH v4 2/3] lsm: add backing_file LSM hooks
` [PATCH v4 3/3] selinux: fix overlayfs mmap() and mprotect() access checks
[PATCH v2] KEYS: trusted: Debugging as a feature
2026-04-09 0:41 UTC (5+ messages)
[PATCH v2 0/2] Add support for ML-DSA signature for EVM and IMA
2026-04-08 17:41 UTC (3+ messages)
` [PATCH v2 1/2] integrity: Refactor asymmetric_verify for reusability
` [PATCH v2 2/2] integrity: Add support for sigv3 verification using ML-DSA keys
[PATCH 0/3] Add support for ML-DSA signature for EVM and IMA
2026-04-08 17:25 UTC (6+ messages)
` [PATCH 1/3] crypto: public_key: Remove check for valid hash_algo for ML-DSA keys
` [PATCH 2/3] integrity: Refactor asymmetric_verify for reusability
` [PATCH 3/3] integrity: Add support for sigv3 verification using ML-DSA keys
[RFC PATCH v4 00/19] Support socket access-control
2026-04-08 10:26 UTC (2+ messages)
[PATCH v2] KEYS: trusted: Debugging as a feature
2026-04-08 8:24 UTC (3+ messages)
[PATCH v2 1/2] landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
2026-04-07 19:02 UTC (3+ messages)
` [PATCH v2 2/2] landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1
[PATCH v1 1/2] landlock: Fix log_subdomains_off inheritance across fork()
2026-04-07 19:00 UTC (7+ messages)
` [PATCH v1 2/2] landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1
[PATCH v5 0/3] Trim N entries of IMA event logs
2026-04-07 16:19 UTC (5+ messages)
` [PATCH v5 1/3] ima: make ima event log trimming configurable
` [PATCH v5 2/3] ima: trim N IMA event log records
` [PATCH v5 3/3] ima: add new critical data record to measure log trim
[PATCH v2 00/17] Landlock tracepoints
2026-04-07 13:00 UTC (20+ messages)
` [PATCH v2 01/17] landlock: Prepare ruleset and domain type split
` [PATCH v2 02/17] landlock: Move domain query functions to domain.c
` [PATCH v2 03/17] landlock: Split struct landlock_domain from struct landlock_ruleset
` [PATCH v2 04/17] landlock: Split denial logging from audit into common framework
` [PATCH v2 05/17] tracing: Add __print_untrusted_str()
` [PATCH v2 06/17] landlock: Add create_ruleset and free_ruleset tracepoints
` [PATCH v2 07/17] landlock: Add landlock_add_rule_fs and landlock_add_rule_net tracepoints
` [PATCH v2 08/17] landlock: Add restrict_self and free_domain tracepoints
` [PATCH v2 09/17] landlock: Add tracepoints for rule checking
` [PATCH v2 10/17] landlock: Set audit_net.sk for socket access checks
` [PATCH v2 11/17] landlock: Add landlock_deny_access_fs and landlock_deny_access_net
` [PATCH v2 12/17] landlock: Add tracepoints for ptrace and scope denials
` [PATCH v2 13/17] selftests/landlock: Add trace event test infrastructure and tests
` [PATCH v2 14/17] selftests/landlock: Add filesystem tracepoint tests
` [PATCH v2 15/17] selftests/landlock: Add network "
` [PATCH v2 16/17] selftests/landlock: Add scope and ptrace "
` [PATCH v2 17/17] landlock: Document tracepoints
[PATCH] evm: zero-initialize the evm_xattrs read buffer
2026-04-07 6:09 UTC
[PATCH v8 0/9] Implement LANDLOCK_ADD_RULE_QUIET
2026-04-06 15:52 UTC (10+ messages)
` [PATCH v8 1/9] landlock: Add a place for flags to layer rules
` [PATCH v8 2/9] landlock: Add API support and docs for the quiet flags
` [PATCH v8 3/9] landlock: Suppress logging when quiet flag is present
` [PATCH v8 4/9] samples/landlock: Add quiet flag support to sandboxer
` [PATCH v8 5/9] selftests/landlock: Replace hard-coded 16 with a constant
` [PATCH v8 6/9] selftests/landlock: add tests for quiet flag with fs rules
` [PATCH v8 7/9] selftests/landlock: add tests for quiet flag with net rules
` [PATCH v8 8/9] selftests/landlock: Add tests for quiet flag with scope
` [PATCH v8 9/9] selftests/landlock: Add tests for invalid use of quiet flag
[PATCH v3 0/3] landlock: Refactor layer masks
2026-04-06 15:14 UTC (3+ messages)
` [PATCH v3 3/3] landlock: transpose the layer masks data structure
[PATCH v3 0/5] Fix Landlock audit test flakiness
2026-04-03 17:08 UTC (13+ messages)
` [PATCH v3 1/5] selftests/landlock: Fix snprintf truncation checks in audit helpers
` [PATCH v3 2/5] selftests/landlock: Fix socket file descriptor leaks "
` [PATCH v3 3/5] selftests/landlock: Drain stale audit records on init
` [PATCH v3 4/5] selftests/landlock: Skip stale records in audit_match_record()
` [PATCH v3 5/5] selftests/landlock: Fix format warning for __u64 in net_test
[PATCH] apparmor: Fix two bugs of aa_setup_dfa_engine's fail handling
2026-04-03 3:51 UTC
LSM namespacing API
2026-04-02 21:04 UTC (11+ messages)
[PATCH] landlock: Document fallocate(2) as another truncation corner case
2026-04-02 18:16 UTC (4+ messages)
[PATCH v8 00/12] landlock: UNIX connect() control by pathname and scope
2026-04-02 18:09 UTC (16+ messages)
` [PATCH v8 01/12] lsm: Add LSM hook security_unix_find
` [PATCH v8 03/12] landlock: Replace union access_masks_all with helper functions
` [PATCH v8 04/12] landlock: Control pathname UNIX domain socket resolution by path
` [PATCH v8 10/12] selftests/landlock: Check that coredump sockets stay unrestricted
` [PATCH v8 11/12] selftests/landlock: fs_test: Simplify ruleset creation and enforcement
` [PATCH v8 12/12] landlock: Document FS access right for pathname UNIX sockets
[PATCH v6.1] apparmor: fix unprivileged local user can do privileged policy management
2026-04-02 8:03 UTC (3+ messages)
[PATCH v5.10-v5.15] apparmor: fix unprivileged local user can do privileged policy management
2026-04-02 5:47 UTC
[PATCH v4 00/13] ima: Introduce staging mechanism
2026-04-01 17:52 UTC (9+ messages)
` [PATCH v4 09/13] ima: Add support for staging measurements with prompt
` [PATCH v4 11/13] ima: Support staging and deleting N measurements entries
[PATCH v2 0/4] Fix Landlock audit test flakiness
2026-04-01 16:14 UTC (5+ messages)
` [PATCH v2 1/4] selftests/landlock: Fix snprintf truncation checks in audit helpers
` [PATCH v2 2/4] selftests/landlock: Fix socket file descriptor leaks "
` [PATCH v2 3/4] selftests/landlock: Drain stale audit records on init
` [PATCH v2 4/4] selftests/landlock: Skip stale records in audit_match_record()
[PATCH v3 6/9] security: Hornet LSM
2026-03-31 23:49 UTC (3+ messages)
[PATCH v3 0/9] Reintrodce Hornet LSM
2026-03-31 22:04 UTC (6+ messages)
` [PATCH v3 4/9] lsm: framework for BPF integrity verification
[PATCH v3 0/2] Fix incorrect overlayfs mmap() and mprotect() LSM access controls
2026-03-31 2:13 UTC (7+ messages)
` [PATCH v3 1/2] lsm: add backing_file LSM hooks
` [PATCH v3 2/2] selinux: fix overlayfs mmap() and mprotect() access checks
[PATCH 0/7] lsm: Replace security_sb_mount with granular mount hooks
2026-03-30 20:04 UTC (18+ messages)
` [PATCH 6/7] tomoyo: Convert from sb_mount to "
page: next (older)
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox