linux-stable-mirror/security at c56f649646ecec3dd1a2e400e6e5ec83439d940f - linux-stable-mirror - Gitea: Git with a cup of tea

dummy/linux-stable-mirror

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ synced 2025-04-19 20:58:31 +09:00

History

Mickaël Salaün c56f649646

landlock: Log mount-related denials

Add audit support for sb_mount, move_mount, sb_umount, sb_remount, and
sb_pivot_root hooks.

The new related blocker is "fs.change_topology".

Audit event sample:

  type=LANDLOCK_DENY msg=audit(1729738800.349:44): domain=195ba459b blockers=fs.change_topology name="/" dev="tmpfs" ino=1

Remove landlock_get_applicable_domain() and get_current_fs_domain()
which are now fully replaced with landlock_get_applicable_subject().

Cc: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250320190717.2287696-12-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>

2025-03-26 13:59:39 +01:00

..

treewide: const qualify ctl_tables where applicable

2025-01-28 13:48:37 +01:00

bpf: lsm: Remove hook to bpf_task_storage_free

2024-12-16 12:32:31 -08:00

ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr

2025-02-04 21:36:43 -05:00

ipe: fallback to platform keyring also if key in trusted keyring is rejected

2024-10-18 12:14:53 -07:00

treewide: const qualify ctl_tables where applicable

2025-01-28 13:48:37 +01:00

landlock: Log mount-related denials

2025-03-26 13:59:39 +01:00

fdget(), more trivial conversions

2024-11-03 01:28:06 -05:00

lockdown: initialize local array before use to quiet static analysis

2025-01-05 12:48:43 -05:00

safesetid: check size of policy writes

2025-01-04 22:46:09 -05:00

\n

2025-01-23 13:36:06 -08:00

lsm/stable-6.14 PR 20250121

2025-01-21 20:03:04 -08:00

tomoyo: use better patterns for procfs in learning mode

2025-01-31 00:27:44 +09:00

treewide: const qualify ctl_tables where applicable

2025-01-28 13:48:37 +01:00

commoncap.c

capabilities patches for 6.14-rc1

2025-01-23 08:00:16 -08:00

device_cgroup.c

device_cgroup: Fix kernel-doc warnings in device_cgroup

2023-06-21 09:30:49 -04:00

inode.c

lsm: Use IS_ERR_OR_NULL() helper function

2024-08-29 11:12:13 -04:00

Kconfig

lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set

2025-01-04 11:50:44 -05:00

Kconfig.hardening

hardening: Document INIT_STACK_ALL_PATTERN behavior with GCC

2025-01-08 14:17:33 -08:00

lsm_audit.c

lsm: Add audit_log_lsm_data() helper

2025-03-26 13:59:33 +01:00

lsm_syscalls.c

lsm: use 32-bit compatible data types in LSM syscalls

2024-03-14 11:31:26 -04:00

Makefile

lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set

2025-01-04 11:50:44 -05:00

min_addr.c

sysctl: treewide: constify the ctl_table argument of proc_handlers

2024-07-24 20:59:29 +02:00

security.c

AT_EXECVE_CHECK introduction for v6.14-rc1

2025-01-22 20:34:42 -08:00