summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2008-04-12LSM: Make the Labeled IPsec hooks more stack friendlyPaul Moore4-45/+42
2008-04-12NetLabel: Allow passing the LSM domain as a shared pointerPaul Moore2-2/+2
2008-04-10SELinux: don't BUG if fs reuses a superblockEric Paris1-4/+4
2008-04-08SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs codeStephen Smalley3-9/+13
2008-04-04selinux: prevent rentry into the FSJosef Bacik1-2/+2
2008-04-03Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/...David S. Miller5-83/+16
2008-04-02selinux: handle files opened with flags 3 by checking ioctl permissionStephen Smalley1-0/+6
2008-03-26[NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS.YOSHIFUJI Hideaki1-1/+1
2008-03-24smackfs: remove redundant lock, fix open(,O_RDWR)Ahmed S. Darwish1-33/+2
2008-03-20file capabilities: remove cap_task_kill()Serge Hallyn3-46/+0
2008-03-19smack: do not dereference NULL ipc objectAhmed S. Darwish1-3/+6
2008-03-18make selinux_parse_opts_str() staticAdrian Bunk1-1/+2
2008-03-13smackfs: do not trust `count' in inodes write()sAhmed S. Darwish2-19/+20
2008-03-06LSM/SELinux: Interfaces to allow FS to control mount optionsEric Paris5-107/+128
2008-02-23Smack: update for file capabilitiesCasey Schaufler1-13/+74
2008-02-23file capabilities: simplify signal checkSerge E. Hallyn1-1/+1
2008-02-19Smack: unlabeled outgoing ambient packetsCasey Schaufler2-23/+74
2008-02-14d_path: Use struct path in struct avc_audit_dataJan Blunck3-25/+24
2008-02-14Embed a struct path into struct nameidata instead of nd->{dentry,mnt}Jan Blunck2-3/+3
2008-02-13Smack: check for 'struct socket' with NULL skAhmed S. Darwish1-4/+5
2008-02-11selinux: support 64-bit capabilitiesStephen Smalley5-2/+27
2008-02-07Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)David Howells4-4/+4
2008-02-06SELinux: Remove security_get_policycaps()Paul Moore2-34/+0
2008-02-06security: allow Kconfig to set default mmap_min_addr protectionEric Paris2-1/+21
2008-02-05Smack: Simplified Mandatory Access Control KernelCasey Schaufler8-0/+4095
2008-02-05capabilities: introduce per-process capability bounding setSerge E. Hallyn1-17/+27
2008-02-05Add 64-bit capability support to the kernelAndrew Morgan2-36/+68
2008-02-05revert "capabilities: clean up file capability reading"Andrew Morton1-15/+8
2008-02-05VFS/Security: Rework inode_getsecurity and callers to return resulting bufferDavid P. Quigley3-31/+18
2008-02-01[AUDIT] add session id to audit messagesEric Paris2-9/+13
2008-02-01[PATCH] switch audit_get_loginuid() to task_struct *Al Viro2-4/+4
2008-01-31[SELinux]: Fix double free in selinux_netlbl_sock_setsid()Paul Moore1-1/+0
2008-01-30security: compile capabilities by defaultsergeh@us.ibm.com1-0/+1
2008-01-30selinux: make selinux_set_mnt_opts() staticAdrian Bunk1-2/+2
2008-01-30SELinux: Add warning messages on network denial due to errorPaul Moore3-8/+40
2008-01-30SELinux: Add network ingress and egress control permission checksPaul Moore1-122/+280
2008-01-30SELinux: Allow NetLabel to directly cache SIDsPaul Moore5-134/+55
2008-01-30SELinux: Enable dynamic enable/disable of the network access checksPaul Moore4-13/+83
2008-01-30SELinux: Better integration between peer labeling subsystemsPaul Moore6-100/+208
2008-01-30SELinux: Add a new peer class and permissions to the Flask definitionsPaul Moore4-0/+26
2008-01-30SELinux: Add a capabilities bitmap to SELinux policy version 22Paul Moore6-8/+185
2008-01-30SELinux: Add a network node caching mechanism similar to the sel_netif_*() fu...Paul Moore5-17/+416
2008-01-30SELinux: Only store the network interface's ifindexPaul Moore3-6/+15
2008-01-30SELinux: Convert the netif code to use ifindex valuesPaul Moore6-125/+155
2008-01-30NetLabel: Add IP address family information to the netlbl_skbuff_getattr() fu...Paul Moore3-15/+38
2008-01-30NetLabel: Add secid token support to the NetLabel secattr structPaul Moore2-6/+9
2008-01-28[NETFILTER]: Introduce NF_INET_ hook valuesPatrick McHardy1-2/+2
2008-01-26selinux: fix labeling of /proc/net inodesStephen Smalley1-0/+3
2008-01-25Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds8-277/+564
2008-01-24Kobject: convert remaining kobject_unregister() to kobject_put()Greg Kroah-Hartman1-1/+1