Linux 5.15 Released02 Nov 2021 tags: audit selinux
Linux v5.15 was released on Sunday, October 31st - Happy Halloween! - the SELinux and audit highlights are below:
In Linux v5.13 we fixed a problem where the LSM hooks were not properly differentiating between the subjective and objective LSM credentials. Unfortunately that fix was not correct in a number of areas, especially when referencing credentials of a task other than the one currently executing. We’ve fixed this in v5.15 and the patch should find it’s way into the currently supported upstream stable trees (I believe the patch has already been backported at the time of writing).
Support was added, via the “mctp_socket” object class, for the Management Component Transport Protocol (MCTP).
A small improvement was made for SELinux operations on systems when audit is not enabled.
Fixed a problem where the AUDIT_TRIM command, e.g.
auditctl -t, could result in a file watch reference counting problem which could result in a kernel error due to a use-after-free condition. As the AUDIT_TRIM command typically requires elevated privileges, the risk of malicious unprivileged users triggering this bug is low.
Fixed a potential NULL pointer dereference when performing the in-kernel audit filtering.