Linux 4.9 Released
15 Dec 2016 tags: audit selinux

Linux 4.9 was released this past weekend, on December 11th. Here is a quick summary of the SELinux and audit changes.
SELinux
- Provide proper SELinux support for overlayfs, a filesystem very important for container workloads.
- Remove the SECURITY_SELINUX_POLICYDB_VERSION_MAX Kconfig option; its last meaningful use was in the Fedora Core 3 and 4 timeframe.
- Additional security policy sanity and bounds checking.
Audit
- Add AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND to the audit kernel feature bitmap to indicate the expanded exclude filters merged in Linux 4.8.
- Fix a number of problems in the code to ensure that the PIDs recorded in various audit records always match userspace’s view of the process/PID.
- Prefix the “ioctlcmd” field data with a “0x” to indicate the value is represented in hexadecimal.
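
The "ioctlcmd" change matters to anything that parses audit logs spanning the upgrade. The following is an added example, not code from this post or the kernel: a parser that reads the field as hexadecimal with or without the prefix. It assumes pre-4.9 records carry the same hex digits without "0x"; the function names and sample records are constructed for illustration.

```python
import re

# Matches the ioctlcmd field in an audit record, with or without "0x".
_IOCTLCMD = re.compile(r'\bioctlcmd=(0[xX])?([0-9a-fA-F]+)\b')


def parse_ioctlcmd(record):
    """Return (value, had_prefix) for the ioctlcmd field, or None if absent.

    The digits are always read as hexadecimal. Assumption: records from
    kernels before 4.9 hold the same hex value without the "0x" prefix,
    so an all-digit value such as "5401" must not be read as decimal.
    """
    m = _IOCTLCMD.search(record)
    if m is None:
        return None
    return int(m.group(2), 16), m.group(1) is not None


def normalize_record(record):
    """Rewrite the field to the 4.9 form: 0x-prefixed, lowercase hex."""
    return _IOCTLCMD.sub(
        lambda m: "ioctlcmd=0x" + m.group(2).lower(), record)


# Constructed sample AVC records (not captured from a real system).
_HEAD = ('type=AVC msg=audit(1481400000.123:101): avc:  denied  { ioctl } '
         'for  pid=1234 comm="demo" path="/dev/pts/0" dev="devpts" ino=3 ')
_TAIL = (' scontext=system_u:system_r:demo_t:s0 '
         'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0')
SAMPLE_OLD = _HEAD + 'ioctlcmd=5401' + _TAIL    # pre-4.9 style, no prefix
SAMPLE_NEW = _HEAD + 'ioctlcmd=0x5401' + _TAIL  # 4.9 style, with prefix

if __name__ == "__main__":
    for rec in (SAMPLE_OLD, SAMPLE_NEW):
        value, had_prefix = parse_ioctlcmd(rec)
        print(f"ioctlcmd={value:#06x} prefix_in_record={had_prefix}")
```
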