1. c7400e2 evm: mark evm_fixmode as __ro_after_init by Austin Kim · 3 years, 2 months ago
  2. db04fb4 selinux: fix race condition when computing ocontext SIDs by Ondrej Mosnacek · 3 years, 5 months ago
  3. 0d9f4ae binder: use cred instead of task for selinux checks by Todd Kjos · 3 years, 2 months ago
  4. df19d95 Smack: Fix wrong semantics in smk_access_entry() by Tianjia Zhang · 3 years, 6 months ago
  5. 34d099a IMA: remove the dependency on CRYPTO_MD5 by THOBY Simon · 3 years, 5 months ago
  6. 5cc1ee3 IMA: remove -Wmissing-prototypes warning by Austin Kim · 3 years, 6 months ago
  7. d8c3859 bpf: Add lockdown check for probe_write_user helper by Daniel Borkmann · 3 years, 5 months ago
  8. f4984f6 selinux: correct the return value when loads initial sids by Xiu Jianfeng · 3 years, 5 months ago
  9. 3780348 smackfs: restrict bytes count in smk_set_cipso() by Tetsuo Handa · 3 years, 9 months ago
  10. f383718 selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC by Minchan Kim · 3 years, 7 months ago
  11. 912d16a evm: fix writing <securityfs>/evm overflow by Mimi Zohar · 3 years, 8 months ago
  12. 5312426 evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded by Roberto Sassu · 3 years, 8 months ago
  13. 7b84c7d evm: Execute evm_inode_init_security() only when an HMAC key is loaded by Roberto Sassu · 3 years, 8 months ago
  14. 1573d59 integrity: Load mokx variables into the blacklist keyring by Eric Snowberg · 4 years ago
  15. 4510906 certs: Add EFI_CERT_X509_GUID support for dbx entries by Eric Snowberg · 4 years ago
  16. 31c9a4b KEYS: trusted: Fix memory leak on object td by Colin Ian King · 3 years, 8 months ago
  17. 6b4b3b8 ima: Fix the error code for restoring the PCR value by Li Huafei · 3 years, 10 months ago
  18. 09a119a security: keys: trusted: fix TPM2 authorizations by James Bottomley · 4 years ago
  19. 4c0ddc8 selinux: add proper NULL termination to the secclass_map permissions by Paul Moore · 3 years, 8 months ago
  20. f37b9c142 security: commoncap: fix -Wstringop-overread warning by Arnd Bergmann · 3 years, 9 months ago
  21. bf84ef2 KEYS: trusted: Fix TPM reservation for seal/unseal by James Bottomley · 3 years, 8 months ago
  22. a28124e selinux: fix race between old and new sidtab by Ondrej Mosnacek · 3 years, 9 months ago
  23. fd75d73 selinux: fix cond_list corruption when changing booleans by Ondrej Mosnacek · 3 years, 9 months ago
  24. 4f29b08 selinux: make nslot handling in avtab more robust by Ondrej Mosnacek · 3 years, 9 months ago
  25. 546f7fc integrity: double check iint_cache was initialized by Mimi Zohar · 3 years, 10 months ago
  26. 19c9967 selinux: fix variable scope issue in live sidtab conversion by Ondrej Mosnacek · 3 years, 10 months ago
  27. 9731e08 selinux: don't log MAC_POLICY_LOAD record on failed policy load by Ondrej Mosnacek · 3 years, 10 months ago
  28. 5d5422a Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") by Eric W. Biederman · 3 years, 10 months ago
  29. aa40f5e tomoyo: recognize kernel threads correctly by Tetsuo Handa · 4 years ago
  30. e004209 tomoyo: ignore data race while checking quota by Tetsuo Handa · 4 years ago
  31. fa5b656 smackfs: restrict bytes count in smackfs write functions by Sabyrzhan Tasbolatov · 4 years ago
  32. 67118bb KEYS: trusted: Reserve TPM for seal and unseal operations by Jarkko Sakkinen · 4 years ago
  33. 54c527c KEYS: trusted: Fix migratable=1 failing by Jarkko Sakkinen · 4 years ago
  34. 9d83cc1 KEYS: trusted: Fix incorrect handling of tpm_get_random() by Jarkko Sakkinen · 4 years ago
  35. 2fe9215 selinux: fix inconsistency between inode_getxattr and inode_listsecurity by Amir Goldstein · 4 years ago
  36. d7b0efa certs: Fix blacklist flag type confusion by David Howells · 4 years, 1 month ago
  37. 6e223a3 watch_queue: Drop references to /dev/watch_queue by Gabriel Krisman Bertazi · 4 years, 1 month ago
  38. 54b4e5d capabilities: Don't allow writing ambiguous v3 file capabilities by Eric W. Biederman · 4 years ago
  39. c365d33 ima: Free IMA measurement buffer after kexec syscall by Lakshmi Ramasubramanian · 3 years, 11 months ago
  40. 1facf24 ima: Free IMA measurement buffer on error by Lakshmi Ramasubramanian · 3 years, 11 months ago
  41. 494e9ec evm: Fix memleak in init_desc by Dinghao Liu · 4 years ago
  42. 02dee03 cap: fix conversions on getxattr by Miklos Szeredi · 4 years ago
  43. a3fddad dump_common_audit_data(): fix racy accesses to ->d_name by Al Viro · 4 years ago
  44. 0f2206e ima: Don't modify file descriptor mode on the fly by Roberto Sassu · 4 years, 1 month ago
  45. 8f939ab Smack: Handle io_uring kernel thread privileges by Casey Schaufler · 4 years ago
  46. 6e5ea34 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling by Paul Moore · 4 years, 2 months ago
  47. f0d7de0 selinux: fix error initialization in inode_doinit_with_dentry() by Tianyue Ren · 4 years, 3 months ago
  48. 30636a5 Merge tag 'selinux-pr-20201113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 4 years, 1 month ago
  49. c350f8b selinux: Fix error return code in sel_ib_pkey_sid_slow() by Chen Zhou · 4 years, 2 months ago
  50. 4739eea ima: Replace zero-length array with flexible-array member by Gustavo A. R. Silva · 4 years, 4 months ago
  51. 81ecf91 Merge tag 'safesetid-5.10' of git://github.com/micah-morton/linux by Linus Torvalds · 4 years, 2 months ago
  52. 91989c7 task_work: cleanup notification modes by Jens Axboe · 4 years, 2 months ago
  53. 9ff9b0d Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next by Linus Torvalds · 4 years, 2 months ago
  54. 840e5bb Merge tag 'integrity-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity by Linus Torvalds · 4 years, 2 months ago
  55. 726eb70 Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc by Linus Torvalds · 4 years, 2 months ago
  56. 7b54081 Merge tag 'selinux-pr-20201012' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 4 years, 3 months ago
  57. 99a6740 Merge tag 'Smack-for-5.10' of git://github.com/cschaufler/smack-next by Linus Torvalds · 4 years, 3 months ago
  58. b274279 Merge tag 'tomoyo-pr-20201012' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 by Linus Torvalds · 4 years, 3 months ago
  59. 03ca0ec LSM: SafeSetID: Fix warnings reported by test bot by Thomas Cedeno · 4 years, 5 months ago
  60. 5294bac LSM: SafeSetID: Add GID security policy handling by Thomas Cedeno · 4 years, 6 months ago
  61. 39a5101 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 by Linus Torvalds · 4 years, 3 months ago
  62. 85ed13e Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs by Linus Torvalds · 4 years, 3 months ago
  63. e6412f9 Merge tag 'efi-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip by Linus Torvalds · 4 years, 3 months ago
  64. a207516 tomoyo: Loosen pathname/domainname validation. by Tetsuo Handa · 4 years, 4 months ago
  65. edd6153 Smack: Remove unnecessary variable initialization by Casey Schaufler · 4 years, 3 months ago
  66. 0fa8e08 fs/kernel_file_read: Add "offset" arg for partial reads by Kees Cook · 4 years, 3 months ago
  67. 34736da IMA: Add support for file reads without contents by Scott Branden · 4 years, 3 months ago
  68. 2039bda LSM: Add "contents" flag to kernel_read_file hook by Kees Cook · 4 years, 3 months ago
  69. 4f2d99b firmware_loader: Use security_post_load_data() by Kees Cook · 4 years, 3 months ago
  70. b64fcae LSM: Introduce kernel_post_load_data() hook by Kees Cook · 4 years, 3 months ago
  71. 8853528 fs/kernel_read_file: Add file_size output argument by Kees Cook · 4 years, 3 months ago
  72. 113eeb5 fs/kernel_read_file: Switch buffer size arg to size_t by Kees Cook · 4 years, 3 months ago
  73. f7a4f68 fs/kernel_read_file: Remove redundant size argument by Kees Cook · 4 years, 3 months ago
  74. b89999d0 fs/kernel_read_file: Split into separate include file by Scott Branden · 4 years, 3 months ago
  75. c307459 fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum by Kees Cook · 4 years, 3 months ago
  76. 5d47b39 security/keys: remove compat_keyctl_instantiate_key_iov by Christoph Hellwig · 4 years, 3 months ago
  77. 89cd35c iov_iter: transparently handle compat iovecs in import_iovec by Christoph Hellwig · 4 years, 3 months ago
  78. 0b7e44d integrity: Asymmetric digsig supports SM2-with-SM3 algorithm by Tianjia Zhang · 4 years, 3 months ago
  79. 3ab0a7a Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net by David S. Miller · 4 years, 3 months ago
  80. bf0afe6 Smack: Fix build when NETWORK_SECMARK is not set by Casey Schaufler · 4 years, 3 months ago
  81. aa662fc ima: Fix NULL pointer dereference in ima_file_hash by KP Singh · 4 years, 3 months ago
  82. 726bd89 integrity: Load certs from the EFI MOK config table by Lenny Szubowicz · 4 years, 4 months ago
  83. 38a1f03 integrity: Move import of MokListRT certs to a separate routine by Lenny Szubowicz · 4 years, 4 months ago
  84. 1e484d3 Merge tag 'fixes-v5.9a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 4 years, 3 months ago
  85. 8861d0a selinux: Add helper functions to get and set checkreqprot by Lakshmi Ramasubramanian · 4 years, 4 months ago
  86. 455b6c9 evm: Check size of security.evm before using it by Roberto Sassu · 4 years, 4 months ago
  87. 4be92db ima: Remove semicolon at the end of ima_get_binary_runtime_size() by Roberto Sassu · 4 years, 4 months ago
  88. 60386b8 ima: Don't ignore errors from crypto_shash_update() by Roberto Sassu · 4 years, 4 months ago
  89. f60c826 ima: Use kmemdup rather than kmalloc+memcpy by Alex Dewar · 4 years, 4 months ago
  90. 322dd63 Smack: Use the netlabel cache by Casey Schaufler · 4 years, 5 months ago
  91. a2af031 Smack: Set socket labels only once by Casey Schaufler · 4 years, 5 months ago
  92. 36be812 Smack: Consolidate uses of secmark into a function by Casey Schaufler · 4 years, 5 months ago
  93. e8ba53d0 selinux: access policycaps with READ_ONCE/WRITE_ONCE by Stephen Smalley · 4 years, 4 months ago
  94. 8c2f516 integrity: include keyring name for unknown key request by Bruno Meneguele · 4 years, 4 months ago
  95. e4d7e2d ima: limit secure boot feedback scope for appraise by Bruno Meneguele · 4 years, 4 months ago
  96. 7fe2bb7 integrity: invalid kernel parameters feedback by Bruno Meneguele · 4 years, 4 months ago
  97. 4afb28a ima: add check for enforced appraise option by Bruno Meneguele · 4 years, 4 months ago
  98. 44a8c4f Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net by Jakub Kicinski · 4 years, 4 months ago
  99. e44f128 integrity: Use current_uid() in integrity_audit_message() by Denis Efremov · 4 years, 4 months ago
  100. 48ce1dd ima: Fail rule parsing when asymmetric key measurement isn't supportable by Tyler Hicks · 4 years, 5 months ago