summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
* netlabel: Implement CALIPSO config functions for SMACK.Huw Davies2016-06-274-0/+238
* calipso: Add a label cache.Huw Davies2016-06-278-12/+360
* calipso: Add validation of CALIPSO option.Huw Davies2016-06-273-0/+74
* netlabel: Pass a family parameter to netlbl_skbuff_err().Huw Davies2016-06-276-12/+19
* calipso: Allow the lsm to label the skbuff directly.Huw Davies2016-06-276-4/+308
* ipv6: constify the skb pointer of ipv6_find_tlv().Huw Davies2016-06-272-2/+2
* calipso: Allow request sockets to be relabelled by the lsm.Huw Davies2016-06-276-8/+163
* ipv6: Allow request socks to contain IPv6 options.Huw Davies2016-06-274-7/+27
* netlabel: Prevent setsockopt() from changing the hop-by-hop option.Huw Davies2016-06-271-1/+16
* calipso: Set the calipso socket label to match the secattr.Huw Davies2016-06-2710-10/+728
* netlabel: Move bitmap manipulation functions to the NetLabel core.Huw Davies2016-06-273-79/+85
* ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.Huw Davies2016-06-272-0/+55
* netlabel: Add support for removing a CALIPSO DOI.Huw Davies2016-06-274-0/+150
* netlabel: Add support for creating a CALIPSO protocol domain mapping.Huw Davies2016-06-274-5/+89
* netlabel: Add support for enumerating the CALIPSO DOI list.Huw Davies2016-06-274-0/+165
* netlabel: Add support for querying a CALIPSO DOI.Huw Davies2016-06-274-0/+193
* netlabel: Initial support for the CALIPSO netlink protocol.Huw Davies2016-06-2712-2/+604
* netlabel: Add an address family to domain hash entries.Huw Davies2016-06-276-58/+192
* netlabel: Mark rcu pointers with __rcu.Huw Davies2016-06-272-4/+4
* selinux: fix type mismatchHeinrich Schuchardt2016-06-151-1/+1
* netlabel: handle sparse category maps in netlbl_catmap_getlong()Paul Moore2016-06-091-5/+4
* selinux: import NetLabel category bitmaps correctlyPaul Moore2016-06-091-1/+1
* iucv: properly clone LSM attributes to newly created child socketsPaul Moore2016-06-071-1/+4
* netlabel: add address family checks to netlbl_{sock,req}_delattr()Paul Moore2016-06-061-2/+10
* selinux: Only apply bounds checking to source typesStephen Smalley2016-05-311-48/+22
* LSM: LoadPin: provide enablement CONFIGKees Cook2016-05-172-6/+15
* Merge branch 'stable-4.7' of git://git.infradead.org/users/pcmoore/selinux in...James Morris2016-05-066-61/+128
|\
| * selinux: apply execstack check on thread stacksStephen Smalley2016-04-261-2/+3
| * selinux: distinguish non-init user namespace capability checksStephen Smalley2016-04-262-17/+25
| * selinux: check ss_initialized before revalidating an inode labelPaul Moore2016-04-191-1/+1
| * selinux: delay inode label lookup as long as possiblePaul Moore2016-04-191-8/+13
| * selinux: don't revalidate an inode's label when explicitly setting itPaul Moore2016-04-191-2/+11
| * selinux: Change bool variable name to index.Prarit Bhargava2016-04-142-4/+4
| * selinux: restrict kernel module loadingJeff Vander Stoep2016-04-052-1/+48
| * selinux: consolidate the ptrace parent lookup codePaul Moore2016-04-051-21/+17
| * selinux: simply inode label states to INVALID and INITIALIZEDPaul Moore2016-04-052-4/+3
| * selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram()Paul Moore2016-04-051-3/+5
| * netlabel: fix a problem with netlbl_secattr_catmap_setrng()Janak Desai2016-04-051-1/+1
* | Merge tag 'keys-next-20160505' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris2016-05-0656-717/+1341
|\ \
| * \ Merge branch 'keys-trust' into keys-nextDavid Howells2016-05-0441-517/+673
| |\ \
| | * | IMA: Use the the system trusted keyrings instead of .ima_mokDavid Howells2016-04-115-64/+34
| | * | certs: Add a secondary system keyring that can be added to dynamicallyDavid Howells2016-04-113-16/+88
| | * | KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTEDDavid Howells2016-04-117-59/+9
| | * | KEYS: Move the point of trust determination to __key_link()David Howells2016-04-119-76/+100
| | * | KEYS: Make the system trusted keyring depend on the asymmetric key typeDavid Howells2016-04-112-1/+2
| | * | X.509: Move the trust validation code out to its own fileDavid Howells2016-04-114-80/+116
| | * | X.509: Use verify_signature() if we have a struct key * to useDavid Howells2016-04-111-2/+1
| | * | KEYS: Generalise x509_request_asymmetric_key()David Howells2016-04-115-39/+37
| | * | KEYS: Move x509_request_asymmetric_key() to asymmetric_type.cDavid Howells2016-04-114-95/+94
| | * | KEYS: Add a facility to restrict new links into a keyringDavid Howells2016-04-1115-52/+198
OpenPOWER on IntegriCloud