archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 05:04:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/security
History
Linus Torvalds c22e26bd09 Landlock update for v7.0-rc1 
-----BEGIN PGP SIGNATURE-----
 
 iIYEABYKAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCaYyMphAcbWljQGRpZ2lr
 b2QubmV0AAoJEOXj0OiMgvbS5/gBAJIeIF/mLZQZ2HK/W58PzJGyXQDplgnTYWp2
 XnMIY/26AQCVYeEh0GFEe5oX7644bsyvJocXPrIkmJGrsit/VHuRAQ==
 =iG0O
 -----END PGP SIGNATURE-----

Merge tag 'landlock-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock updates from Mickaël Salaün:

 - extend Landlock to enforce restrictions on a whole process, similarly
   to the seccomp's TSYNC flag

 - refactor data structures to simplify code and improve performance

 - add documentation to cover missing parts

* tag 'landlock-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  mailmap: Add entry for Mickaël Salaün
  landlock: Transpose the layer masks data structure
  landlock: Add access_mask_subset() helper
  selftests/landlock: Add filesystem access benchmark
  landlock: Document audit blocker field format
  landlock: Add errata documentation section
  landlock: Add backwards compatibility for restrict flags
  landlock: Refactor TCP socket type check
  landlock: Minor reword of docs for TCP access rights
  landlock: Document LANDLOCK_RESTRICT_SELF_TSYNC
  selftests/landlock: Add LANDLOCK_RESTRICT_SELF_TSYNC tests
  landlock: Multithreading support for landlock_restrict_self()
2026-02-11 15:57:08 -08:00
..
apparmor Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
bpf lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
integrity integrity-v7.0 2026-02-11 15:53:00 -08:00
ipe ipe/stable-6.19 PR 20251202 2025-12-03 11:19:34 -08:00
keys powerpc updates for 7.0 2026-02-10 21:46:12 -08:00
landlock landlock: Transpose the layer masks data structure 2026-02-10 16:46:50 +01:00
loadpin loadpin: move initcalls to the LSM framework 2025-10-22 19:24:25 -04:00
lockdown lockdown: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
safesetid safesetid: move initcalls to the LSM framework 2025-10-22 19:24:26 -04:00
selinux selinux: drop the BUG() in cred_has_capability() 2026-01-14 16:26:21 -05:00
smack smack: /smack/doi: accept previously used values 2025-12-30 12:17:15 -08:00
tomoyo tomoyo: Use scoped init guard 2026-01-28 20:45:25 +01:00
yama lsm: replace the name field with a pointer to the lsm_id struct 2025-10-22 19:24:18 -04:00
commoncap.c Capabilities patch for v6.19 2025-12-04 20:10:28 -08:00
device_cgroup.c device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers 2025-11-11 19:47:24 -05:00
inode.c Some filesystems use a kinda-sorta controlled dentry refcount leak to pin 2025-12-05 14:36:21 -08:00
Kconfig lsm: CONFIG_LSM can depend on CONFIG_SECURITY 2025-09-11 16:32:04 -04:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
lsm.h lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_init.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
lsm_notifier.c lsm: split the notifier code out into lsm_notifier.c 2025-10-22 19:24:15 -04:00
lsm_syscalls.c lsm: rework lsm_active_cnt and lsm_idlist[] 2025-10-22 19:24:19 -04:00
Makefile lsm: split the init code out into lsm_init.c 2025-10-22 19:24:16 -04:00
min_addr.c lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY 2026-01-29 13:56:53 -05:00
security.c lsm: make keys for static branch static 2026-01-06 20:57:55 -05:00