Linux 4.19 Released28 Nov 2018 tags: audit selinux
With Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that "better late than never", here are the SELinux and audit highlights for Linux v4.19.
Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.
Internal changes to the file open and kernel module loading LSM hooks.
Mark more internal data structures as constant (read-only).
Internal changes to convert various printk() calls into pr_*() macros.
The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.
Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.
Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.
Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description: An updated audit userspace is required to make use of this new capability.
Fixed an internal use-after-free problem that could affect file watches.
Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.
Internal changes to adopt the new kernel timekeeping API.
Internal changes to better define some magic numbers used inside the audit subsystem.
Minor coding style fixes.