Linux 5.0 Released

Instead of Linux v4.21, Linux v5.0 was released on March 3, 2019. The major version bump doesn't reflect any major changes, other than there were a "lot" of v4.x releases and Linus decided it was time to increment the major version number.

The SELinux and audit kernel highlights are below.

SELinux

  • Rework the internal SELinux label database (sidtab) to improve both availability during policy reloads and lookup performance. This should generally improve SELinux performance as well as reduce SELinux related ENOMEM errors during a policy reload.

  • The SELinux filesystem mount controls have changed to always allow filesystem submounts. For all current in-tree filesystems, granting permission to mount submounts should not degrade the security of the system, and brings the SELinux access controls more in line with the kernel's capability checks for submounts. As Ondrej Mosnacek explains in the patch description:

    ... In the current kernel tree, the MS_SUBMOUNT flag is set only via vfs_submount(), which is called only from the following places:
    - AFS, when automounting special "symlinks" referencing other cells
    - CIFS, when automounting "referrals"
    - NFS, when automounting subtrees
    - debugfs, when automounting tracefs

    In all cases the submounts are meant to be transparent to the user and it makes sense that if mounting the master is allowed, then so should be the automounts. Note that CAP_SYS_ADMIN capability checking is already skipped for (SB_KERNMOUNT|SB_SUBMOUNT) ...

  • Internal kernel changes to support the internal VFS mount API changes. These changes should have no impact on the SELinux policy or user experience.

  • A number of internal kernel bug fixes relating to error handling and policy byte ordering.

Audit

  • System call auditing support was added to the RISC-V architecture.

  • The file capabilities fields, the "cap_f*" fields in the PATH record, have been shortened to log only a value of "0" when none of the capabilities are set. This should help shorten PATH records on systems that don't make use of file capabilities.

  • Fixed a problem where empty arguments were not being properly logged in the EXECVE record.

  • A large number of fixes to the audit subsystem's use of fsnotify. This should help improve the performance and robustness of audit's filesystem watches.

  • Removed the CONFIG_AUDIT_WATCH and CONFIG_AUDIT_TREE kernel configuration options, using the CONFIG_AUDITSYSCALL option instead, and forcing the CONFIG_FSNOTIFY option when CONFIG_AUDITSYSCALL is enabled.

  • A number of internal code cleanups.

Linux 4.20 Released

Linux v4.20 was released on December 23, 2018. Not only is this release the last release of 2018, it is believed to be the last Linux v4.x release, with the next Linux release expected to be v5.0.

This release was a relatively small release from a SELinux perspective, and an even smaller release from an audit point of view, with no audit related changes between Linux v4.19 and v4.20.

SELinux

  • When we added support for cgroup2 file labeling in Linux v4.14 we unfortunately broke mounting of cgroup2 filesystems on older SELinux policies which were missing a genfscon rule for cgroup2. We've fixed this problem by marking the cgroup2 files as unlabeled when there is no genfscon rule.

  • Add additional address length checks to the SELinux SCTP code to ensure properly handle malformed user input during bind() and connect().

  • Improved validation of the MLS field to catch invalid SELinux labels. This also resulted in a number of code simplifications.

  • Added SELinux netlink definitions for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN.

  • Internal improvements caught by syzbot as well as some minor LSM infrastructure changes.

Linux 4.19 Released

With Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that "better late than never", here are the SELinux and audit highlights for Linux v4.19.

SELinux

  • Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.

  • Internal changes to the file open and kernel module loading LSM hooks.

  • Mark more internal data structures as constant (read-only).

  • Internal changes to convert various printk() calls into pr_*() macros.

Audit

  • The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.

  • Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.

  • Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.

  • Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description:

    # auditctl -a exit,always [some general rule]
    # auditctl -a exclude,always -F exe=/bin/exe1 # exclude /bin/exe1
    # auditctl -a exclude,always -F exe=/bin/exe2 # exclude /bin/exe2
    An updated audit userspace is required to make use of this new capability.

  • Fixed an internal use-after-free problem that could affect file watches.

  • Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.

  • Internal changes to adopt the new kernel timekeeping API.

  • Internal changes to better define some magic numbers used inside the audit subsystem.

  • Minor coding style fixes.