Linux 4.7 Released
04 Aug 2016 tags: audit selinuxLinux 4.7 was released almost two weeks ago, but due to some travel I haven’t had any time to write up the usual release notes. However, I did manage to find a few minutes, so without further delay I present to you the SELinux and audit highlights in the latest Linux Kernel major release.
SELinux
-
Add the ability to restrict kernel module loading via the new “system:module_load” permission.
-
Distinquish between the init and non-init user namespaces when performing capability checks. The init namespace uses the existing “cap” and “cap2” object classes while non-init user namespaces use “cap_userns” and “cap2_userns”.
-
Apply the “process:execstack” check to thread stack’s allocated via mmap().
Audit
- Add the terminal information to the LOGIN record via the “tty” field.