Linux 4.20 Released
07 Jan 2019
tags: audit selinux
Linux v4.20 was released on December 23, 2018. Not only is this release the last release of 2018, it is believed to be the last Linux v4.x release, with the next Linux release expected to be v5.0.
From a SELinux perspective this was a relatively small release, and from an audit point of view it was even smaller, with no audit-related changes between Linux v4.19 and v4.20.
When we added support for cgroup2 file labeling in Linux v4.14 we unfortunately broke mounting of cgroup2 filesystems on older SELinux policies which were missing a genfscon rule for cgroup2. We’ve fixed this problem by marking the cgroup2 files as unlabeled when there is no genfscon rule.
Added additional address length checks to the SELinux SCTP code to ensure we properly handle malformed user input during bind() and connect().
Improved validation of the MLS field to catch invalid SELinux labels. This also resulted in a number of code simplifications.
Added SELinux netlink definitions for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN.
Internal improvements caught by syzbot as well as some minor LSM infrastructure changes.
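The kind of address length check the SCTP item above describes, shown as an added user-space illustration; it is not the kernel's code and not from the original post. `count_packed_addrs` is a hypothetical helper, and the packed address list it walks (the layout sctp_bindx() and sctp_connectx() take) is an assumption of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical helper, not a kernel function: walk a caller-supplied buffer
 * of back-to-back sockaddr_in / sockaddr_in6 entries. Returns the number of
 * addresses, or -1 if an entry is truncated or has an unsupported family. */
int count_packed_addrs(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t off = 0;
    int n = 0;

    while (off < len) {
        sa_family_t family;
        size_t need;

        /* The family field must fit in the remaining bytes before it is read. */
        if (len - off < offsetof(struct sockaddr, sa_family) + sizeof(family))
            return -1;
        memcpy(&family, p + off + offsetof(struct sockaddr, sa_family), sizeof(family));

        switch (family) {
        case AF_INET:  need = sizeof(struct sockaddr_in);  break;
        case AF_INET6: need = sizeof(struct sockaddr_in6); break;
        default:       return -1;   /* family this walker does not understand */
        }
        /* The whole entry must fit before any field beyond the family is used. */
        if (len - off < need)
            return -1;
        off += need;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input: one IPv4 entry followed by one IPv6 entry. */
    unsigned char buf[sizeof(struct sockaddr_in) + sizeof(struct sockaddr_in6)];
    struct sockaddr_in a4 = { .sin_family = AF_INET };
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 };

    memcpy(buf, &a4, sizeof(a4));
    memcpy(buf + sizeof(a4), &a6, sizeof(a6));
    printf("full=%d truncated=%d\n", count_packed_addrs(buf, sizeof(buf)),
           count_packed_addrs(buf, sizeof(buf) - 1));
    return 0;
}
```

A length that cuts the last entry short is rejected as a whole, so no field is ever read past the bytes the caller actually supplied.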