Linux 5.0 Released06 Mar 2019 tags: audit selinux
Instead of Linux v4.21, Linux v5.0 was released on March 3, 2019. The major version bump doesn’t reflect any major changes, other than there were a “lot” of v4.x releases and Linus decided it was time to increment the major version number.
The SELinux and audit kernel highlights are below.
Rework the internal SELinux label database (sidtab) to improve both availability during policy reloads and lookup performance. This should generally improve SELinux performance as well as reduce SELinux related ENOMEM errors during a policy reload.
- The SELinux filesystem mount controls have changed to always allow filesystem submounts. For all current in-tree filesystems, granting permission to mount submounts should not degrade the security of the system, and brings the SELinux access controls more in line with the kernel’s capability checks for submounts. As Ondrej Mosnacek explains in the patch description:
… In the current kernel tree, the MS_SUBMOUNT flag is set only via vfs_submount(), which is called only from the following places:
- AFS, when automounting special “symlinks” referencing other cells
- CIFS, when automounting “referrals”
- NFS, when automounting subtrees
- debugfs, when automounting tracefs
In all cases the submounts are meant to be transparent to the user and it makes sense that if mounting the master is allowed, then so should be the automounts. Note that CAP_SYS_ADMIN capability checking is already skipped for (SB_KERNMOUNT|SB_SUBMOUNT) …
Internal kernel changes to support the internal VFS mount API changes. These changes should have no impact on the SELinux policy or user experience.
- A number of internal kernel bug fixes relating to error handling and policy byte ordering.
System call auditing support was added to the RISC-V architecture.
The file capabilities fields, the “cap_f*” fields in the PATH record, have been shortened to log only a value of “0” when none of the capabilities are set. This should help shorten PATH records on systems that don’t make use of file capabilities.
Fixed a problem where empty arguments were not being properly logged in the EXECVE record.
A large number of fixes to the audit subsystem’s use of fsnotify. This should help improve the performance and robustness of audit’s filesystem watches.
Removed the CONFIG_AUDIT_WATCH and CONFIG_AUDIT_TREE kernel configuration options, using the CONFIG_AUDITSYSCALL option instead, and forcing the CONFIG_FSNOTIFY option when CONFIG_AUDITSYSCALL is enabled.
A number of internal code cleanups.