Linux v4.20 was released on December 23, 2018. Not only is this release the last release of 2018, it is believed to be the last Linux v4.x release, with the next Linux release expected to be v5.0.
This release was a relatively small release from a SELinux perspective, and an even smaller release from an audit point of view, with no audit related changes between Linux v4.19 and v4.20.
When we added support for cgroup2 file labeling in Linux v4.14 we unfortunately broke mounting of cgroup2 filesystems on older SELinux policies which were missing a genfscon rule for cgroup2. We've fixed this problem by marking the cgroup2 files as unlabeled when there is no genfscon rule.
Add additional address length checks to the SELinux SCTP code to ensure properly handle malformed user input during bind() and connect().
Improved validation of the MLS field to catch invalid SELinux labels. This also resulted in a number of code simplifications.
Added SELinux netlink definitions for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN.
Internal improvements caught by syzbot as well as some minor LSM infrastructure changes.
With Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that "better late than never", here are the SELinux and audit highlights for Linux v4.19.
Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.
Internal changes to the file open and kernel module loading LSM hooks.
Mark more internal data structures as constant (read-only).
Internal changes to convert various printk() calls into pr_*() macros.
The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.
Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.
Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.
Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description: An updated audit userspace is required to make use of this new capability.
Fixed an internal use-after-free problem that could affect file watches.
Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.
Internal changes to adopt the new kernel timekeeping API.
Internal changes to better define some magic numbers used inside the audit subsystem.
In late October we held the first ever Linux Security Summit in Europe and I'm very happy to see it was well attended and the presentations were of their usual high standard. A big thank you to everyone involved!
Thanks to our sponsors, all of the talks were recorded this year and can be found at the link below.