github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
b8f82cb0d8
linux/security
History
Linus Torvalds b8f82cb0d8 Landlock update for v7.1-rc1 
-----BEGIN PGP SIGNATURE-----
 
 iIYEABYKAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCadfgCxAcbWljQGRpZ2lr
 b2QubmV0AAoJEOXj0OiMgvbSl5cA/0QZjJ+4V2DVzJQM5qzmNK9He9uYaOs7F2Ks
 xRvg7IebAPwMEcVY+CVQxD+YGj08UgM753yx4CRbhsu4k5mowEEJDQ==
 =Lz9R
 -----END PGP SIGNATURE-----

Merge tag 'landlock-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull Landlock update from Mickaël Salaün:
 "This adds a new Landlock access right for pathname UNIX domain sockets
  thanks to a new LSM hook, and a few fixes"

* tag 'landlock-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: (23 commits)
  landlock: Document fallocate(2) as another truncation corner case
  landlock: Document FS access right for pathname UNIX sockets
  selftests/landlock: Simplify ruleset creation and enforcement in fs_test
  selftests/landlock: Check that coredump sockets stay unrestricted
  selftests/landlock: Audit test for LANDLOCK_ACCESS_FS_RESOLVE_UNIX
  selftests/landlock: Test LANDLOCK_ACCESS_FS_RESOLVE_UNIX
  selftests/landlock: Replace access_fs_16 with ACCESS_ALL in fs_test
  samples/landlock: Add support for named UNIX domain socket restrictions
  landlock: Clarify BUILD_BUG_ON check in scoping logic
  landlock: Control pathname UNIX domain socket resolution by path
  landlock: Use mem_is_zero() in is_layer_masks_allowed()
  lsm: Add LSM hook security_unix_find
  landlock: Fix kernel-doc warning for pointer-to-array parameters
  landlock: Fix formatting in tsync.c
  landlock: Improve kernel-doc "Return:" section consistency
  landlock: Add missing kernel-doc "Return:" sections
  selftests/landlock: Fix format warning for __u64 in net_test
  selftests/landlock: Skip stale records in audit_match_record()
  selftests/landlock: Drain stale audit records on init
  selftests/landlock: Fix socket file descriptor leaks in audit helpers
  ...
2026-04-13 15:42:19 -07:00
..
apparmor vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
bpf lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
integrity EVM: add comment describing why ino field is still unsigned long 2026-03-17 15:38:49 +01:00
ipe treewide: change inode->i_ino from unsigned long to u64 2026-03-06 14:31:28 +01:00
keys Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
landlock landlock: Clarify BUILD_BUG_ON check in scoping logic 2026-04-07 18:51:07 +02:00
loadpin Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
lockdown lockdown: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
safesetid Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
selinux selinux/stable-7.1 PR 20260410 2026-04-13 15:34:52 -07:00
smack treewide: change inode->i_ino from unsigned long to u64 2026-03-06 14:31:28 +01:00
tomoyo treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
yama Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
commoncap_test.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
commoncap.c security: Add KUnit tests for kuid_root_in_ns and vfsuid_root_in_currentns 2026-01-09 11:28:28 -06:00
device_cgroup.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
inode.c securityfs: use kstrdup_const() to manage symlink targets 2026-03-17 17:13:36 -04:00
Kconfig proc: make PROC_MEM_FORCE_PTRACE the Kconfig default 2026-04-13 09:12:37 -07:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
lsm_audit.c treewide: change inode->i_ino from unsigned long to u64 2026-03-06 14:31:28 +01:00
lsm_init.c lsm: add backing_file LSM hooks 2026-04-03 16:53:50 -04:00
lsm_notifier.c lsm: split the notifier code out into lsm_notifier.c 2025-10-22 19:24:15 -04:00
lsm_syscalls.c lsm: rework lsm_active_cnt and lsm_idlist[] 2025-10-22 19:24:19 -04:00
lsm.h lsm: add backing_file LSM hooks 2026-04-03 16:53:50 -04:00
Makefile lsm: split the init code out into lsm_init.c 2025-10-22 19:24:16 -04:00
min_addr.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
security.c Landlock update for v7.1-rc1 2026-04-13 15:42:19 -07:00