Linux 5.14 Released
30 Aug 2021 tags: audit selinux

Linux v5.14 was released on Sunday, August 29th; the SELinux and audit highlights are below:
SELinux
- Remove some limitations in the inode permission check code so that the kernel can update the SELinux Access Vector Cache (AVC) even in cases where it is not allowed to block the caller. This should result in fewer slow-path permission lookups and better use of the SELinux AVC.
- Fixed a problem where an invalid initial SID did not correctly return an error to userspace when a policy was loaded into the kernel.
- Memory allocation failures when updating the SELinux AVC no longer generate kernel warnings when the kernel is configured to generate failed allocation warnings. These failures are not fatal in any way (the AVC is a cache, after all), but on some memory-constrained systems the warnings can quickly fill the logs in certain configurations.
- Minor improvements to the InfiniBand and policy DB string handling code, which should result in better code quality and performance.
- Minor code cleanups involving unused function parameters, kernel documentation fixes, and removal of redundant code.
Audit
- Rename the enumerated type values used to indicate the audit state, as the existing values collided with other names in the kernel.
- Various minor style fixes to the audit code to better fit with existing kernel coding conventions.