Linux 4.19 Released
28 Nov 2018 tags: audit selinux

With Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that “better late than never”, here are the SELinux and audit highlights for Linux v4.19.
SELinux
- Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.
- Internal changes to the file open and kernel module loading LSM hooks.
- Mark more internal data structures as constant (read-only).
- Internal changes to convert various printk() calls into pr_*() macros.
Audit
- The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.
- Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.
- Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.
- Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description:
    # auditctl -a exit,always [some general rule]
    # auditctl -a exclude,always -F exe=/bin/exe1 # exclude /bin/exe1
    # auditctl -a exclude,always -F exe=/bin/exe2 # exclude /bin/exe2
An updated audit userspace is required to make use of this new capability.
- Fixed an internal use-after-free problem that could affect file watches.
- Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.
- Internal changes to adopt the new kernel timekeeping API.
- Internal changes to better define some magic numbers used inside the audit subsystem.
- Minor coding style fixes.
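
For the SECCOMP and ANOM_ABEND item above, the following added example (not code from this post or from the kernel or audit userspace) groups raw audit log lines by their event stamp and lists which record types share an event with a SECCOMP or ANOM_ABEND record. The log lines are constructed for illustration, and the SYSCALL and PROCTITLE companions shown in them are an assumption about what a real event contains.

```python
import re
from collections import defaultdict

# Records sharing the same "audit(<timestamp>:<serial>)" stamp form one event.
RECORD_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")

# Constructed sample lines, not captured from a real system. The companion
# record types in event 812 are assumed for the sake of the demonstration.
SAMPLE_LOG = """\
type=SECCOMP msg=audit(1540200000.101:812): auid=1000 uid=1000 gid=1000 ses=3 pid=4242 comm="demo" exe="/usr/bin/demo" sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f0000000000 code=0x0
type=SYSCALL msg=audit(1540200000.101:812): arch=c000003e syscall=41 success=no exit=-1 pid=4242 comm="demo" exe="/usr/bin/demo"
type=PROCTITLE msg=audit(1540200000.101:812): proctitle="demo"
type=ANOM_ABEND msg=audit(1540200003.555:815): auid=1000 uid=1000 gid=1000 ses=3 pid=4250 comm="crashy" exe="/usr/bin/crashy" sig=11 res=1
type=USER_LOGIN msg=audit(1540200009.000:820): pid=900 uid=0 auid=1000 ses=4 msg='op=login res=success'
"""

def group_events(lines):
    """Map (timestamp, serial) -> list of (record_type, fields) in log order."""
    events = defaultdict(list)
    for line in lines:
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip("\"'") for k, v in FIELD_RE.findall(body)}
        events[(ts, int(serial))].append((rtype, fields))
    return events

def correlate(lines, anchors=("SECCOMP", "ANOM_ABEND")):
    """Report, per anchor record, the other record types in the same event."""
    out = []
    ordered = sorted(group_events(lines).items(), key=lambda kv: kv[0][1])
    for (ts, serial), records in ordered:
        for rtype, fields in records:
            if rtype in anchors:
                companions = sorted(t for t, _ in records if t != rtype)
                out.append({"event": f"{ts}:{serial}", "type": rtype,
                            "pid": fields.get("pid"), "exe": fields.get("exe"),
                            "companions": companions})
    return out

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG.splitlines()):
        print(row)
```

An anchor record with an empty companion list stands alone in its event, which is the case worth checking when detection rules expect to join SECCOMP or ANOM_ABEND with the rest of the event.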