Patch Series

Subject SELinux namespace support
Author stephen.smalley.work@gmail.com
Date 2025-08-14 13:25:52 +0000 UTC
Version
Cc horms@kernel.org netdev@vger.kernel.org omosnace@redhat.com paul@paul-moore.com selinux@vger.kernel.org stephen.smalley.work@gmail.com

Patches (42)

Name Content [All]
[PATCH v7 01/42] selinux: restore passing of selinux_state [Body]
[PATCH v7 02/42] selinux: introduce current_selinux_state [Body]
[PATCH v7 03/42] selinux: support multiple selinuxfs instances [Body]
[PATCH v7 04/42] selinux: dynamically allocate selinux namespace [Body]
[PATCH v7 05/42] netstate,selinux: create the selinux netlink socket per network namespace [Body]
[PATCH v7 06/42] selinux: limit selinux netlink notifications to init namespace [Body]
[PATCH v7 07/42] selinux: support per-task/cred selinux namespace [Body]
[PATCH v7 08/42] selinux: introduce cred_selinux_state() and use it [Body]
[PATCH v7 09/42] selinux: init inode from nearest initialized namespace [Body]
[PATCH v7 10/42] selinux: add a selinuxfs interface to unshare selinux namespace [Body]
[PATCH v7 11/42] selinux: add limits for SELinux namespaces [Body]
[PATCH v7 12/42] selinux: exempt creation of init SELinux namespace from limits [Body]
[PATCH v7 13/42] selinux: refactor selinux_state_create() [Body]
[PATCH v7 14/42] selinux: allow userspace to detect non-init SELinux namespace [Body]
[PATCH v7 15/42] selinuxfs: restrict write operations to the same selinux namespace [Body]
[PATCH v7 16/42] selinux: introduce a global SID table [Body]
[PATCH v7 17/42] selinux: wrap security server interfaces to use the global SID table [Body]
[PATCH v7 18/42] selinux: introduce a Kconfig option for SELinux namespaces [Body]
[PATCH v7 19/42] selinux: eliminate global SID table if !CONFIG_SECURITY_SELINUX_NS [Body]
[PATCH v7 20/42] selinux: maintain a small cache in the global SID table [Body]
[PATCH v7 21/42] selinux: update hook functions to use correct selinux namespace [Body]
[PATCH v7 22/42] selinux: introduce cred_task_has_perm() [Body]
[PATCH v7 23/42] selinux: introduce cred_has_extended_perms() [Body]
[PATCH v7 24/42] selinux: introduce cred_self_has_perm() [Body]
[PATCH v7 25/42] selinux: introduce cred_has_perm() [Body]
[PATCH v7 26/42] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm() [Body]
[PATCH v7 27/42] selinux: introduce task_obj_has_perm() [Body]
[PATCH v7 28/42] selinux: update bprm hooks for selinux namespaces [Body]
[PATCH v7 29/42] selinux: add kerneldoc to new permission checking functions [Body]
[PATCH v7 30/42] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper [Body]
[PATCH v7 31/42] selinux: rename cred_has_perm*() to cred_tsid_has_perm*() [Body]
[PATCH v7 32/42] selinux: update cred_tsid_has_perm_noaudit() to return the combined avd [Body]
[PATCH v7 33/42] selinux: convert additional checks to cred_ssid_has_perm() [Body]
[PATCH v7 34/42] selinux: introduce selinux_state_has_perm() [Body]
[PATCH v7 35/42] selinux: annotate selinuxfs permission checks [Body]
[PATCH v7 36/42] selinux: annotate process transition permission checks [Body]
[PATCH v7 37/42] selinux: convert xfrm and netlabel permission checks [Body]
[PATCH v7 38/42] selinux: switch selinux_lsm_setattr() checks to current namespace [Body]
[PATCH v7 39/42] selinux: make open_perms namespace-aware [Body]
[PATCH v7 40/42] selinux: split cred_ssid_has_perm() into two cases [Body]
[PATCH v7 41/42] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware [Body]
[PATCH v7 42/42] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces [Body]
Session 2025-08-14
ID (for dev) bfcfbf54-9d88-454a-a820-48656f60321e
Status skipped
Triaged Skipped: failed to find a base commit: series does not apply [Log]
Execution Log [Link]
Test Base Patched Verdict