torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-08 23:49:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae2483a26017d24f505caa87935fb8f17117bbfa
linux/security
History
Mickaël Salaün ae2483a260 landlock: Prepare to use credential instead of domain for filesystem 
This cosmetic change is needed for audit support, specifically to be
able to filter according to cross-execution boundaries.

Add landlock_get_applicable_subject(), mainly a copy of
landlock_get_applicable_domain(), which will fully replace it in a
following commit.

Optimize current_check_access_path() to only handle the access request.

Partially replace get_current_fs_domain() with explicit calls to
landlock_get_applicable_subject().  The remaining ones will follow with
more changes.

Remove explicit domain->num_layers check which is now part of the
landlock_get_applicable_subject() call.

Cc: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250320190717.2287696-5-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2025-03-26 13:59:35 +01:00
..
apparmor
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
bpf
bpf: lsm: Remove hook to bpf_task_storage_free
2024-12-16 12:32:31 -08:00
integrity
ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr
2025-02-04 21:36:43 -05:00
ipe
ipe: fallback to platform keyring also if key in trusted keyring is rejected
2024-10-18 12:14:53 -07:00
keys
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
landlock
landlock: Prepare to use credential instead of domain for filesystem
2025-03-26 13:59:35 +01:00
loadpin
fdget(), more trivial conversions
2024-11-03 01:28:06 -05:00
lockdown
lockdown: initialize local array before use to quiet static analysis
2025-01-05 12:48:43 -05:00
safesetid
safesetid: check size of policy writes
2025-01-04 22:46:09 -05:00
selinux
Merge tag 'fsnotify_hsm_for_v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2025-01-23 13:36:06 -08:00
smack
Merge tag 'lsm-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
2025-01-21 20:03:04 -08:00
tomoyo
tomoyo: use better patterns for procfs in learning mode
2025-01-31 00:27:44 +09:00
yama
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
commoncap.c
Merge tag 'caps-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux
2025-01-23 08:00:16 -08:00
device_cgroup.c
device_cgroup: Fix kernel-doc warnings in device_cgroup
2023-06-21 09:30:49 -04:00
inode.c
lsm: Use IS_ERR_OR_NULL() helper function
2024-08-29 11:12:13 -04:00
Kconfig
lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set
2025-01-04 11:50:44 -05:00
Kconfig.hardening
hardening: Document INIT_STACK_ALL_PATTERN behavior with GCC
2025-01-08 14:17:33 -08:00
lsm_audit.c
lsm: Add audit_log_lsm_data() helper
2025-03-26 13:59:33 +01:00
lsm_syscalls.c
lsm: use 32-bit compatible data types in LSM syscalls
2024-03-14 11:31:26 -04:00
Makefile
lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set
2025-01-04 11:50:44 -05:00
min_addr.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
security.c
Merge tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2025-01-22 20:34:42 -08:00