<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-next.git/security, branch master</title>
<subtitle>Linux kernel latest source</subtitle>
<id>http://mirrors.hust.edu.cn/git/linux-next.git/atom?h=master</id>
<link rel='self' href='http://mirrors.hust.edu.cn/git/linux-next.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/'/>
<updated>2026-07-03T15:36:50+00:00</updated>
<entry>
<title>Merge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git</title>
<updated>2026-07-03T15:36:50+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:36:50+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=81386b286ffded3a8ca5d55143d4f0e99169cfa8'/>
<id>urn:sha1:81386b286ffded3a8ca5d55143d4f0e99169cfa8</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'master' of git://git.code.sf.net/p/tomoyo/tomoyo.git</title>
<updated>2026-07-03T15:21:11+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:21:11+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=e1c68a43919d23be3c16bd28e080b381f769eadf'/>
<id>urn:sha1:e1c68a43919d23be3c16bd28e080b381f769eadf</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'next' of https://github.com/cschaufler/smack-next</title>
<updated>2026-07-03T15:21:09+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:21:09+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=586fdefdc281411252ac7266aa4aeb69dd300dd9'/>
<id>urn:sha1:586fdefdc281411252ac7266aa4aeb69dd300dd9</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git</title>
<updated>2026-07-03T15:21:06+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:21:06+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=37f71c4f5c1c30edc4e587d2305c45878f472559'/>
<id>urn:sha1:37f71c4f5c1c30edc4e587d2305c45878f472559</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'apparmor-next' of https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor</title>
<updated>2026-07-03T15:21:04+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:21:04+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=46a4d1c0c08ce2fde17ead398c297d35254f0c07'/>
<id>urn:sha1:46a4d1c0c08ce2fde17ead398c297d35254f0c07</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git</title>
<updated>2026-07-03T15:21:03+00:00</updated>
<author>
<name>Mark Brown</name>
<email>broonie@kernel.org</email>
</author>
<published>2026-07-03T15:21:03+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=ec41272ccead3e90d8dd16f82dca7f561852b2f8'/>
<id>urn:sha1:ec41272ccead3e90d8dd16f82dca7f561852b2f8</id>
<content type='text'>
</content>
</entry>
<entry>
<title>lsm: clarify security_task_prctl() hook documentation</title>
<updated>2026-07-02T18:59:24+00:00</updated>
<author>
<name>Bill Roberts</name>
<email>bill.roberts@arm.com</email>
</author>
<published>2026-06-15T20:03:25+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=149b192e376d746bf7b8e1e02541c2256c3b17f0'/>
<id>urn:sha1:149b192e376d746bf7b8e1e02541c2256c3b17f0</id>
<content type='text'>
The task_prctl hook comment incorrectly described the hook as checking
whether a prctl operation is allowed. In reality, the hook exists for
LSMs to handle LSM-specific prctl operations.

Update the function description and kernel-doc comment to reflect the
actual behavior. The old wording appears to have been copied from other
permission-check hooks despite differing semantics.

Signed-off-by: Bill Roberts &lt;bill.roberts@arm.com&gt;
Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: Serge Hallyn &lt;serge@hallyn.com&gt;
[PM: subj tweak, comment tweak -&gt; "prctl to prctl()" ]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>Automated merge of 'dev' into 'next'</title>
<updated>2026-07-02T16:36:41+00:00</updated>
<author>
<name>Paul Moore</name>
<email>paul@paul-moore.com</email>
</author>
<published>2026-07-02T16:36:41+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=ae3d476caeba0bb7779334b1ce9d9a795ed602d2'/>
<id>urn:sha1:ae3d476caeba0bb7779334b1ce9d9a795ed602d2</id>
<content type='text'>
* dev:
  selinux: tighten type validation during policy load
  selinux: drop unnecessary goto and label from avc_alloc_node()
  selinux: convert int flags to bool flags in ss/services.c
  selinux: clean up selinuxfs resources on init failure
  selinux: hooks: use kmalloc() to allocate path buffer
</content>
</entry>
<entry>
<title>selinux: tighten type validation during policy load</title>
<updated>2026-07-02T16:36:15+00:00</updated>
<author>
<name>Stephen Smalley</name>
<email>stephen.smalley.work@gmail.com</email>
</author>
<published>2026-05-07T16:16:34+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=ef0740b4b75fe48fb411b2a76aafbab0cdd6b0ba'/>
<id>urn:sha1:ef0740b4b75fe48fb411b2a76aafbab0cdd6b0ba</id>
<content type='text'>
Tighten type validation during policy load to improve robustness in
the face of ill-formed policies.

Signed-off-by: Stephen Smalley &lt;stephen.smalley.work@gmail.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>landlock: Fix TCP Fast Open connection bypass</title>
<updated>2026-07-02T14:55:13+00:00</updated>
<author>
<name>Matthieu Buffet</name>
<email>matthieu@buffet.re</email>
</author>
<published>2026-07-01T21:46:27+00:00</published>
<link rel='alternate' type='text/html' href='http://mirrors.hust.edu.cn/git/linux-next.git/commit/?id=ab897e584fcb5e99ea00e72ec0dacaf62fb7778a'/>
<id>urn:sha1:ab897e584fcb5e99ea00e72ec0dacaf62fb7778a</id>
<content type='text'>
The documentation of the socket_connect() LSM hook states that it
controls connecting a socket to a remote address. It has not been the
case since the addition of TCP Fast Open (RFC 7413) support, which
allows opening a TCP connection (thus, setting a socket's destination
address) via the MSG_FASTOPEN flag passed to
sendto()/sendmsg()/sendmmsg(). The problem then got duplicated into
MPTCP.

Landlock did not take it into account when its TCP support was added,
leaving a bypass of TCP connect policy.

Ideally a call to the LSM hook would be added in the fastopen code path,
in order to fix this generically. But connect() hooks are designed to
run with the socket locked, unlike sendmsg() hooks.

Closes: https://github.com/landlock-lsm/linux/issues/41
Fixes: fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
Signed-off-by: Matthieu Buffet &lt;matthieu@buffet.re&gt;
Link: https://patch.msgid.link/20260701214628.33319-1-matthieu@buffet.re
[mic: Wrap commit message]
Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
</content>
</entry>
</feed>
