- 56305aa exec: Compute file based creds only once by Eric W. Biederman · 4 years, 7 months ago
- a786832 exec: Add a per bprm->file version of per_clear by Eric W. Biederman · 4 years, 7 months ago
- e32f887 Merge commit a4ae32c71fe9 ("exec: Always set cap_ambient in cap_bprm_set_creds") by Eric W. Biederman · 4 years, 7 months ago
- a4ae32c exec: Always set cap_ambient in cap_bprm_set_creds by Eric W. Biederman · 4 years, 7 months ago
- 112b714 exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds by Eric W. Biederman · 4 years, 8 months ago
- 9d22167 Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 5 years ago
- c5eaab1 security/commoncap: Use xattr security prefix len by Carmeli Tamir · 5 years ago
- d1c5947 security: Make capability_hooks static by YueHaibing · 6 years ago
- 2874c5f treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 by Thomas Gleixner · 6 years ago
- be37f21 Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit by Linus Torvalds · 6 years ago
- e88ed48 LSM: Update function documentation for cap_capable by Micah Morton · 6 years ago
- 2fec30e audit: add support for fcaps v3 by Richard Guy Briggs · 6 years ago
- c1a85a0 LSM: generalize flag passing to security_capable by Micah Morton · 6 years ago
- d117a15 capability: Initialize as LSM_ORDER_FIRST by Kees Cook · 6 years ago
- 876979c security: audit and remove any unnecessary uses of module.h by Paul Gortmaker · 6 years ago
- e42f6f9 Merge tag 'v4.19-rc2' into next-general by James Morris · 6 years ago
- 4408e300a security/capabilities: remove check for -EINVAL by Christian Brauner · 6 years ago
- 355139a cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() by Eddie.Horng · 6 years ago
- b1d749c5 capabilities: Allow privileged user in s_user_ns to set security.* xattrs by Eric W. Biederman · 8 years ago
- 1f57817 commoncap: Handle memory allocation failure. by Tetsuo Handa · 7 years ago
- dc32b5c capabilities: fix buffer overread on very short xattr by Eric Biggers · 7 years ago
- 55b3a0c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 7 years ago
- dbbbe11 capabilities: audit log other surprising conditions by Richard Guy Briggs · 7 years ago
- 588fb2c capabilities: fix logic for effective root or real root by Richard Guy Briggs · 7 years ago
- c0d1ade capabilities: invert logic for clarity by Richard Guy Briggs · 7 years ago
- 02ebbaf capabilities: remove a layer of conditional logic by Richard Guy Briggs · 7 years ago
- 9fbc2c7 capabilities: move audit log decision to function by Richard Guy Briggs · 7 years ago
- 81a6a01 capabilities: use intuitive names for id changes by Richard Guy Briggs · 7 years ago
- 9304b46 capabilities: use root_priveleged inline to clarify logic by Richard Guy Briggs · 7 years ago
- fc7eadf capabilities: rename has_cap to has_fcap by Richard Guy Briggs · 7 years ago
- 4c7e715 capabilities: intuitive names for cap gain status by Richard Guy Briggs · 7 years ago
- db1a892 capabilities: factor out cap_bprm_set_creds privileged root by Richard Guy Briggs · 7 years ago
- 76ba89c7 commoncap: move assignment of fs_ns to avoid null pointer dereference by Colin Ian King · 7 years ago
- a302824 Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 7 years ago
- ab5348c security: fix description of values returned by cap_inode_need_killpriv by Stefan Berger · 7 years ago
- dd198ce Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace by Linus Torvalds · 7 years ago
- 8db6c34 Introduce v3 namespaced file capabilities by Serge E. Hallyn · 8 years ago
- ee67ae7 commoncap: Move cap_elevated calculation into bprm_set_creds by Kees Cook · 7 years ago
- 46d98eb commoncap: Refactor to remove bprm_secureexec hook by Kees Cook · 7 years ago
- 64db4c7 security: Use user_namespace::level to avoid redundant iterations in cap_capable() by Kirill Tkhai · 8 years ago
- ca97d93 security: mark LSM hooks as __ro_after_init by James Morris · 8 years ago
- f1ef09f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace by Linus Torvalds · 8 years ago
- 9227dd2 exec: Remove LSM_UNSAFE_PTRACE_CAP by Eric W. Biederman · 8 years ago
- 2052313 exec: Test the ptracer's saved cred to see if the tracee can gain caps by Eric W. Biederman · 8 years ago
- 7016942 exec: Don't reset euid and egid when the tracee has CAP_SETUID by Eric W. Biederman · 8 years ago
- d69dece5 LSM: Add /sys/kernel/security/lsm by Casey Schaufler · 8 years ago
- 5d6c319 xattr: Add __vfs_{get,set,remove}xattr helpers by Andreas Gruenbacher · 8 years ago
- 380cf5b fs: Treat foreign mounts as nosuid by Andy Lutomirski · 9 years ago
- d07b846 fs: Limit file caps to the user namespace of the super block by Seth Forshee · 9 years ago
- 7f427d3 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs by Linus Torvalds · 9 years ago
- 457db29 security: Introduce security_settime64() by Baolin Wang · 9 years ago
- ce23e64 ->getxattr(): pass dentry and inode as separate arguments by Al Viro · 9 years ago
- caaee62 ptrace: use fsuid, fsgid, effective creds for fs access checks by Jann Horn · 9 years ago
- 746bf6d capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE by Andy Lutomirski · 9 years ago
- 5831905 capabilities: ambient capabilities by Andy Lutomirski · 9 years ago
- b1d9e6b LSM: Switch to lists of hooks by Casey Schaufler · 10 years ago
- c6f493d VFS: security/: d_backing_inode() annotations by David Howells · 10 years ago
- f4a4a8b file->f_path.dentry is pinned down for as long as the file is open... by Al Viro · 10 years ago
- b583043 kill f_dentry uses by Al Viro · 10 years ago
- 7d8b6c6 CAPABILITIES: remove undefined caps from all processes by Eric Paris · 10 years ago
- 6d6f332 commoncap: don't alloc the credential unless needed in cap_task_prctl by Tetsuo Handa · 10 years ago
- f54fb86 capabilities: allow nice if we are privileged by Serge Hallyn · 11 years ago
- 160da84 userns: Allow PR_CAPBSET_DROP in a user namespace. by Eric W. Biederman · 12 years ago
- 182be68 kill f_vfsmnt by Al Viro · 12 years ago
- 520d9ea Fix cap_capable to only allow owners in the parent user namespace to have caps. by Eric W. Biederman · 12 years ago
- e546785 split ->file_mmap() into ->mmap_addr()/->mmap_file() by Al Viro · 13 years ago
- d007794 split cap_mmap_addr() out of cap_file_mmap() by Al Viro · 13 years ago
- 644473e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace by Linus Torvalds · 13 years ago
- 898bfc1 Merge tag 'v3.4-rc5' into next by James Morris · 13 years ago
- 18815a1 userns: Convert capabilities related permsion checks by Eric W. Biederman · 13 years ago
- 078de5f userns: Store uid and gid values in struct cred with kuid_t and kgid_t types by Eric W. Biederman · 13 years ago
- 783291e userns: Simplify the user_namespace by making userns->creator a kuid. by Eric W. Biederman · 13 years ago
- 51b79be security: fix compile error in commoncap.c by Jonghwan Choi · 13 years ago
- d52fc5d fcaps: clear the same personality flags as suid when fcaps are used by Eric Paris · 13 years ago
- 259e5e6 Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs by Andy Lutomirski · 13 years ago
- aeb3ae9 userns: Add an explicit reference to the parent user namespace by Eric W. Biederman · 13 years ago
- c4a4d60 userns: Use cred->user_ns instead of cred->user->user_ns by Eric W. Biederman · 13 years ago
- 4040153 security: trim security.h by Al Viro · 13 years ago
- c49c41a Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security by Linus Torvalds · 13 years ago
- fd77846 security: remove the security_netlink_recv hook as it is equivalent to capable() by Eric Paris · 13 years ago
- 6a9de49 capabilities: remove the task from capable LSM hook entirely by Eric Paris · 13 years ago
- 7d8db18 capabilities: initialize has_cap by Serge Hallyn · 13 years ago
- 4d49f67 capabilities: do not grant full privs for setuid w/ file caps + no effective caps by Zhi Li · 13 years ago
- 4bf2ea7 capabilities: do not special case exec of init by Eric Paris · 14 years ago
- 8409cca userns: allow ptrace from non-init user namespaces by Serge E. Hallyn · 14 years ago
- 3486740 userns: security: make capabilities relative to the user namespace by Serge E. Hallyn · 14 years ago
- 7a63628 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 by Linus Torvalds · 14 years ago
- 01a16b2 netlink: kill eff_cap from struct netlink_skb_parms by Patrick McHardy · 14 years ago
- 1e6d767 time: Correct the *settime* parameters by Richard Cochran · 14 years ago
- 12b3052 capabilities/syslog: open code cap_syslog logic to fix build failure by Eric Paris · 14 years ago
- eaf06b2 Restrict unprivileged access to kernel syslog by Dan Rosenberg · 14 years ago
- b0ae198 security: remove unused parameter from security_task_setscheduler() by KOSAKI Motohiro · 14 years ago
- d762746 Make do_execve() take a const filename pointer by David Howells · 14 years ago
- c5b60b5 security: whitespace coding style fixes by Justin P. Mattock · 15 years ago
- 6f262d8 Security: Fix the comment of cap_file_mmap() by wzt.wzt@gmail.com · 15 years ago
- f40a708 syslog: clean up needless comment by Kees Cook · 15 years ago
- d78ca3c syslog: use defined constants instead of raw numbers by Kees Cook · 15 years ago
- 0023459 syslog: distinguish between /proc/kmsg and syscalls by Kees Cook · 15 years ago
- b3a222e remove CONFIG_SECURITY_FILE_CAPABILITIES compile option by Serge E. Hallyn · 15 years ago
- 3e1c251 security: remove root_plug by James Morris · 15 years ago