Linux 5.11 Released
16 Feb 2021 tags: audit selinux

Linux v5.11 was released on Sunday, February 14, 2021 (happy Valentine’s Day!). It was a relatively small release from a SELinux and audit perspective, but the highlights are below:
SELinux
- Changed the LSM network hooks to pass “flowi_common” structs instead of the parent “flowi” struct; the LSMs do not currently need the full “flowi” struct and they do not have the address family information necessary to use it safely.
- Fix how we handle errors in “inode_doinit_with_dentry()” so that we attempt to properly label the inode on following lookups instead of continuing to treat the inode as unlabeled.
- Update the kernel logic around the SELinux “allowx”, “auditallowx”, and “dontauditx” policy statements such that “auditallowx” and “dontauditx” are effective even without the “allowx” statement.
- A number of smaller changes to mark some LSM hook parameters as constant and fix a “switch” statement fall-through warning in Clang.
Audit
- Linux v5.7 changed how audit records were generated such that mandatory audit records could trigger the creation of various accompanying records (e.g. SYSCALL records). Unfortunately, a number of problems were found and this change had to be reverted in Linux v5.8. With this kernel release we have fixed all of the outstanding problems and restored this behavior. This change should help provide additional context around various audit events, making it easier for administrators to understand what was actually happening on the system.
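
To check for the accompanying records described above in a log, the sketch below groups audit records by the event ID they share and reports events where a chosen record type appears without a SYSCALL companion. It is an added example, not code from the original post or the kernel project; the log lines are constructed, and the function names and the use of MAC_POLICY_LOAD as the record to check are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log text format; not real log data.
SAMPLE_LOG = """\
type=MAC_POLICY_LOAD msg=audit(1613300000.101:410): auid=1000 ses=3 lsm=selinux res=1
type=SYSCALL msg=audit(1613300000.101:410): arch=c000003e syscall=1 success=yes exit=3881 pid=2211 comm="load_policy"
type=PROCTITLE msg=audit(1613300000.101:410): proctitle="load_policy"
type=MAC_POLICY_LOAD msg=audit(1613300500.777:422): auid=1000 ses=3 lsm=selinux res=1
type=USER_LOGIN msg=audit(1613300600.005:430): pid=900 uid=0 auid=1000 msg='op=login res=success'
"""

# Records belonging to one event carry the same "audit(<timestamp>:<serial>)" stamp.
RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)

def group_events(log_text):
    """Group records by their shared (timestamp, serial) event ID."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m is None:
            continue  # skip blank or malformed lines instead of failing
        events[(m["ts"], int(m["serial"]))].append((m["type"], m["body"]))
    return dict(events)

def missing_context(events, record_type, companion="SYSCALL"):
    """Return IDs of events that contain record_type but no companion record."""
    missing = []
    for event_id, records in sorted(events.items(), key=lambda kv: kv[0][1]):
        types = {rtype for rtype, _ in records}
        if record_type in types and companion not in types:
            missing.append(event_id)
    return missing

if __name__ == "__main__":
    evs = group_events(SAMPLE_LOG)
    for ts, serial in missing_context(evs, "MAC_POLICY_LOAD"):
        print(f"event {ts}:{serial} has MAC_POLICY_LOAD without SYSCALL context")
```

Run against a real log, an event flagged here is one where the record carries no syscall context to explain what triggered it.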