Linux 4.19 Released

With Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that "better late than never", here are the SELinux and audit highlights for Linux v4.19.

SELinux

  • Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.

  • Internal changes to the file open and kernel module loading LSM hooks.

  • Mark more internal data structures as constant (read-only).

  • Internal changes to convert various printk() calls into pr_*() macros.

Audit

  • The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.

  • Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.

  • Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.

  • Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description:

    # auditctl -a exit,always [some general rule]
    # auditctl -a exclude,always -F exe=/bin/exe1 # exclude /bin/exe1
    # auditctl -a exclude,always -F exe=/bin/exe2 # exclude /bin/exe2
    An updated audit userspace is required to make use of this new capability.

  • Fixed an internal use-after-free problem that could affect file watches.

  • Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.

  • Internal changes to adopt the new kernel timekeeping API.

  • Internal changes to better define some magic numbers used inside the audit subsystem.

  • Minor coding style fixes.

Linux Security Summit Europe 2018

In late October we held the first ever Linux Security Summit in Europe and I'm very happy to see it was well attended and the presentations were of their usual high standard. A big thank you to everyone involved!

Thanks to our sponsors, all of the talks were recorded this year and can be found at the link below.

Linux Security Summit North America 2018

The 2018 Linux Security Summit for North America wrapped up a couple of weeks ago and it was once again a big success. This year's event was our largest to date, with 220 people registered for the conference. Thanks to James Morris and the rest of the program committee, the speakers, the Linux Foundation, and our sponsors - thank you!

Special thanks to Cisco who stepped up at the last minute to sponsor recordings of all the talks this year, available at the link below.