Linux 4.2 Released
31 Aug 2015
tags: audit selinux
The Linux Kernel 4.2 release was yesterday and I wanted to summarize the SELinux and audit changes for those who might not follow Linux Kernel development.
Changes to support LSM stacking. This is a first effort and not the general purpose module stacking that some have requested, but it is still important as it lays the groundwork for future efforts.
Fixed a SELinux regression involving access control checking on PROT_EXEC protected shared anonymous mappings and reconciled differences in the mmap(2) and mprotect(2) access checks.
Removed some unused SELinux permissions. Some of the permissions were carryovers from before SELinux was merged into the mainline kernel, while others were from code that has been removed.
When displaying an error message about an unrecognized Netlink message, the socket class is displayed using its name and not its corresponding object class number.
Updated the Netlink socket classes. Removed dead classes and added new ones to match the current kernel.
Enabled genfscon-based labeling for debugfs, pstore, and sysfs filesystems.
Fixed a problem when using setxattr to set SELinux security labels over NFSv4.2.
Fixed a problem with NetLabel generated SELinux labels on 32-bit systems.
Renamed duplicate field labels in the LSM_AUDIT_DATA_TASK record.
Fixed a problem involving incorrectly checking the return value of strnlen_user().
Removed dead code in audit_filter_rules().