security subsystem · Supported

Maintainers

• M Paul Moore <paul@paul-moore.com>
• M James Morris <jmorris@namei.org>
• M "Serge E. Hallyn" <serge@hallyn.com>

Paths

• F include/linux/lsm/
• F include/linux/lsm_audit.h
• F include/linux/lsm_hook_defs.h
• F include/linux/lsm_hooks.h
• F include/linux/security.h
• F include/uapi/linux/lsm.h
• F security/
• F tools/testing/selftests/lsm/
• F rust/kernel/security.rs
• X security/selinux/

Last 30 days

Most active threads (last 7 days)

• HOTtoday [PATCH v5 0/8] lsm: Replace security_sb_mount with granular mount hooks
  2026-05-28 18:27 · 6 replies in 7d · Song Liu <song@kernel.org>
• WARM1d [PATCH v2 0/9] Landlock: Namespace and capability control
  2026-05-27 18:36 · 5 replies in 7d · Mickaël Salaün <mic@digikod.net>
• HOTtoday [PATCH 00/11] hornet: security, tooling and selftest fixes
  2026-05-28 03:09 · 3 replies in 7d · Blaise Boscaccy <hidden>
• WARM1d [PATCH v9 0/9] Implement LANDLOCK_ADD_RULE_QUIET
  2026-05-27 01:01 · 3 replies in 7d · Tingmao Wang <hidden>
• DORMANTno replies [PATCH 6.12.y] landlock: Fix TCP handling of short AF_UNSPEC addresses
  2026-05-28 12:14 · 0 replies in 7d · Maximilian Heyne <hidden>
• WARM2d [PATCH RESEND 0/1] yama: clean-up ptrace relations upon activating YAMA_SCOPE_NO_ATTACH
  2026-05-26 15:35 · 1 reply in 7d · Ethan Ferguson <hidden>
• HOTtoday [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
  2026-05-26 14:28 · 0 replies in 7d · Aaron Tomlin <atomlin@atomlin.com>
• WARM1d [PATCH v4 0/3] introduce IMA_INIT_LATE_SYNC option
  2026-05-25 07:54 · 2 replies in 7d · Yeoreum Yun <hidden>
• DORMANTno replies [PATCH] keys: Pin request_key_auth payload in instantiate paths
  2026-05-26 02:48 · 0 replies in 7d · Shaomin Chen <hidden>
• WARM1d [PATCH v2 2/2] security: smack: fix spelling mistake
  2026-05-26 01:39 · 0 replies in 7d · <hidden>

Active reviewers (last 30 days)

• Stephen Smalley <stephen.smalley.work@gmail.com>
  8 attestations (8 Reviewed-by) · last on 2026-05-28
• Günther Noack <gnoack@google.com>
  4 attestations (4 Reviewed-by) · last on 2026-05-27
• Nicolas Schier <nsc@kernel.org>
  4 attestations (4 Reviewed-by) · last on 2026-05-17
• Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
  3 attestations (3 Acked-by) · last on 2026-05-28
• Tingmao Wang <hidden>
  3 attestations (3 Reviewed-by) · last on 2026-05-27
• Christian Brauner <brauner@kernel.org>
  2 attestations (1 Reviewed-by, 1 Suggested-by) · last on 2026-05-27
• Stefan Berger <stefanb@linux.ibm.com>
  2 attestations (2 Reviewed-by) · last on 2026-05-22
• kernel test robot <hidden>
  2 attestations (2 Reported-by) · last on 2026-05-14
• Eric Biggers <ebiggers@kernel.org>
  1 attestation (1 Reported-by) · last on 2026-05-28
• Justin Suess <hidden>
  1 attestation (1 Co-developed-by) · last on 2026-05-27

Recent patches

Most-recent 30 patches in this subsystem on linux-security-module (capped at 30), ordered by date desc.

• DORMANTno replies REVIEWED: 1 (1M) [PATCH v5 8/8] lsm: Remove security_sb_mount and security_move_mount
  2026-05-28 · Song Liu <song@kernel.org>
• HOTtoday REVIEWED: 1 (1M) [PATCH v5 6/8] tomoyo: Convert from sb_mount to granular mount hooks
  2026-05-28 · Song Liu <song@kernel.org>
• HOTtoday [PATCH v5 5/8] landlock: Convert from sb_mount to granular mount hooks
  2026-05-28 · Song Liu <song@kernel.org>
• HOTtoday [PATCH v5 3/8] apparmor: Convert from sb_mount to granular mount hooks
  2026-05-28 · Song Liu <song@kernel.org>
• HOTtoday [PATCH v5 2/8] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
  2026-05-28 · Song Liu <song@kernel.org>
• HOTtoday REVIEWED: 1 (1M) [PATCH v5 1/8] lsm: Add granular mount hooks
  2026-05-28 · Song Liu <song@kernel.org>
• DORMANTno replies [PATCH 6.12.y] landlock: Fix TCP handling of short AF_UNSPEC addresses
  2026-05-28 · Maximilian Heyne <hidden>
• HOTtoday [PATCH 03/11] hornet: fix off-by-one bug in max used maps check
  2026-05-28 · Blaise Boscaccy <hidden>
• HOTtoday [PATCH 02/11] hornet: invert map set check logic
  2026-05-28 · Blaise Boscaccy <hidden>
• HOTtoday [PATCH 01/11] hornet: fix TOCTOU in signed program verification
  2026-05-28 · Blaise Boscaccy <hidden>
• DORMANTno replies [PATCH v2 1/9] security: add LSM blob and hooks for namespaces
  2026-05-27 · Mickaël Salaün <mic@digikod.net>
• DORMANTno replies REVIEWED: 2 (1M) [PATCH v2 5/9] landlock: Enforce capability restrictions
  2026-05-27 · Mickaël Salaün <mic@digikod.net>
• WARM1d REVIEWED: 4 (4M) [PATCH v2 2/9] security: Add LSM_AUDIT_DATA_NS for namespace audit records
  2026-05-27 · Mickaël Salaün <mic@digikod.net>
• WARM1d REVIEWED: 2 (1M) [PATCH v2 4/9] landlock: Enforce namespace use restrictions
  2026-05-27 · Mickaël Salaün <mic@digikod.net>
• WARM1d REVIEWED: 2 (1M) [PATCH v2 3/9] landlock: Wrap per-layer access masks in struct layer_config
  2026-05-27 · Mickaël Salaün <mic@digikod.net>
• WARM1d [PATCH v9 3/9] landlock: Suppress logging when quiet flag is present
  2026-05-27 · Tingmao Wang <hidden>
• WARM1d [PATCH v9 2/9] landlock: Add API support and docs for the quiet flags
  2026-05-27 · Tingmao Wang <hidden>
• WARM1d [PATCH v9 1/9] landlock: Add a place for flags to layer rules
  2026-05-27 · Tingmao Wang <hidden>
• DORMANTno replies [PATCH RESEND 1/1] yama: clean-up ptrace relations upon activating YAMA_SCOPE_NO_ATTACH
  2026-05-26 · Ethan Ferguson <hidden>
• HOTtoday [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
  2026-05-26 · Aaron Tomlin <atomlin@atomlin.com>
• DORMANTno replies [PATCH] keys: Pin request_key_auth payload in instantiate paths
  2026-05-26 · Shaomin Chen <hidden>
• WARM1d [PATCH v2 2/2] security: smack: fix spelling mistake
  2026-05-26 · <hidden>
• DORMANTno replies [PATCH v2 1/2] security: apparmor: fix two spelling mistakes
  2026-05-26 · <hidden>
• WARM1d [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
  2026-05-26 · Jiakai Xu <hidden>
• DORMANTno replies [PATCH] apparmor: fix use-after-free in rawdata dedup loop
  2026-05-25 · Ruslan Valiyev <hidden>
• WARM1d [PATCH v4 2/3] security: ima: introduce IMA_INIT_LATE_SYNC option
  2026-05-25 · Yeoreum Yun <hidden>
• WARM1d [PATCH v4 1/3] security: lsm: Allow LSMs to register for late_initcall_sync init
  2026-05-25 · Yeoreum Yun <hidden>
• WARM3d [PATCH] Fix various spelling mistakes
  2026-05-25 · <hidden>
• DORMANTno replies [PATCH 2/2] smack: restrict smackfs/{direct,mapped} values to 0-255
  2026-05-24 · Konstantin Andreev <hidden>
• WARM3d [PATCH 1/2] smack: deduplicate smackfs/{direct,mapped} file_operations
  2026-05-24 · Konstantin Andreev <hidden>

Needs attention (review trailers in, no pickup)

Patches with review trailers that haven't landed in mainline and haven't been Acked by a maintainer. Oldest first.

• STALE182d REVIEWED: 2 (2M) [PATCH RESEND] apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_init
  2025-11-22 · Thorsten Blum <thorsten.blum@linux.dev> · 1 Reviewed-by
• STALE176d REVIEWED: 1 (0M) [PATCH v7 07/11] tpm2-sessions: Unmask tpm_buf_append_hmac_session()
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE176d REVIEWED: 1 (0M) [PATCH v7 08/11] KEYS: trusted: Open code tpm2_buf_append()
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE176d REVIEWED: 1 (0M) [PATCH v7 09/11] tpm-buf: unify TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE176d REVIEWED: 1 (1M) [PATCH v7 11/11] tpm-buf: Enable managed and stack allocations.
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE181d REVIEWED: 1 (0M) [PATCH v8 07/11] tpm2-sessions: Unmask tpm_buf_append_hmac_session()
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE181d REVIEWED: 1 (0M) [PATCH v8 08/11] KEYS: trusted: Open code tpm2_buf_append()
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE181d REVIEWED: 1 (0M) [PATCH v8 09/11] tpm-buf: unify TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• DORMANTno replies REVIEWED: 1 (1M) [PATCH v8 11/11] tpm-buf: Enable managed and stack allocations.
  2025-11-27 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by
• STALE181d REVIEWED: 1 (0M) [PATCH v9 2/8] tpm2-sessions: Open code tpm_buf_append_hmac_session()
  2025-11-28 · Jarkko Sakkinen <jarkko@kernel.org> · 1 Reviewed-by

Quiet for 30+ days

Patches with no review trailers and no replies. Either the author is heads-down elsewhere or these slipped through. Oldest first.

• STALE208d [PATCH v2 1/2] ipe: Add AT_EXECVE_CHECK support for script enforcement
  2025-10-31 · Yanzhu Huang <hidden>
• STALE204d [PATCH 1/3] landlock: Add flag to supress access rule inheritence within a layer
  2025-11-05 · Justin Suess <hidden>
• STALE203d [PATCH v3 1/2] ipe: Add AT_EXECVE_CHECK support for script enforcement
  2025-11-05 · Yanzhu Huang <hidden>
• STALE160d [PATCH v4 01/10] landlock: Add a place for flags to layer rules
  2025-11-16 · Tingmao Wang <hidden>
• STALE160d [PATCH v4 04/10] landlock: Fix wrong type usage
  2025-11-16 · Tingmao Wang <hidden>
• COOLING6d [RFC PATCH v4 16/19] landlock: Log socket creation denials
  2025-11-18 · Mikhail Ivanov <hidden>
• COOLING6d [RFC PATCH v4 15/19] lsm: Support logging socket common data
  2025-11-18 · Mikhail Ivanov <hidden>
• STALE178d [RFC v1 1/1] ima: Implement IMA event log trimming
  2025-11-19 · Anirudh Venkataramanan <hidden>
• STALE160d [PATCH v4 33/35] security/tomoyo: Enable context analysis
  2025-11-20 · Marco Elver <elver@google.com>
• STALE184d [PATCH 1/6] landlock: Implement LANDLOCK_ADD_RULE_NO_INHERIT
  2025-11-20 · Justin Suess <hidden>