Linux 4.8 Released

18 Oct 2016 tags: audit selinux

This post is also a bit late, Linux 4.8 was released on October 2nd, but better late than never. Here is a quick rundown of the SELinux and audit highlights.

SELinux

Support for RFC 5570, Common Architecture Label IPv6 Security Option (CALIPSO). The CALIPSO implementation included in Linux 4.8 has been tested for interoperability with Solaris TX.
Bounds checking is now only applied to source types which should make it much easier to write SELinux policies for sandboxing tools that make use of PR_SET_NO_NEW_PRIVS. Additional details can be found in the commit description.
A number of bug fixes related to NetLabel, especially the handling of category bitmaps.
Fixes to ensure that AF_IUCV sockets are properly labeled.

Audit

Expand the exclude filter to include PID, UID, GID, AUID, LOGINUID_SET, and the various SUBJ fields.
Internal fixes to both executable name filter and the execve() argument auditing code to ensure safety and proper operation.
Add syscall argument masking for s390 applications running on s390x kernels.

Paul Moore

Linux 4.8 Released

SELinux

Audit

Latest Posts

19 Sep 2024 Linux 6.12 Merge Window

18 Sep 2024 Linux 6.11 Released

16 Jul 2024 Linux 6.11 Merge Window