Linux 4.5 Released15 Mar 2016 tags: audit selinux
Linux 4.5 was released this past weekend, here are the SELinux and audit release notes.
New LSM hooks and SELinux code to invalidate and revalidate inode security labels. This is important functionality for GFS2 and potentially other distributed filesystems.
New functionality to make the validatetrans policy decisions available to userspace via the selinuxfs mount, "/sys/fs/selinux" on most systems. Writing "$oldcontext $newcontext $tclass $taskcontext" to "/sys/fs/selinux/validatetrans" will return 0 if the transition is allowed and -EPERM otherwise.
A number of small improvements were made to help make the kernel/auditd connection more robust and fix some corner cases relating to audit queue backlog handling.
Auditing of seccomp events now honors the "audit_enabled" flag; when "audit_enabled=0" then seccomp events will not be audited.
Make selection of CONFIG_AUDITSYSCALL automatic on systems that have auditing enabled and support syscall auditing.