Linux 5.17 Released
22 Mar 2022 tags: audit selinux

Linux v5.17 was released on Sunday, March 20th; the SELinux and audit highlights are below:
SELinux
- Fixed an improper mutex check in the SELinux code which could have resulted in spurious warning messages.
- Fixed a problem where an internal policy structure field was not properly reset after freeing, potentially leading to a double-free problem on certain error conditions.
- Internal hardening improvements relating to calculating memory allocation sizes by changing code to use the struct_size() macro.
- Various “house cleaning” changes to the SELinux filesystem mount hooks: removing dead code, minor code tweaks, and plugging a potential memory leak.
- Renamed a LSM/SELinux hook responsible for returning the security label of the currently running task to better reflect its behavior.
Audit
- Fix problems relating to record queuing and system responsiveness when “audit=1” is specified on the kernel command line and the audit daemon is SIGSTOP’d for an extended period of time.
- Ensure that processes which generate userspace records are not exempt from the kernel’s record throttling when the audit queues are being overrun.
- Fix a problem when auditing the openat2() syscall which could result in improperly accessing userspace memory.
- Internal hardening improvements through the use of the struct_size() macro and zero-length array to flexible-array conversions.
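
The struct_size() hardening listed under both SELinux and Audit, shown as an added user-space illustration (not kernel code and not part of the original post): an open-coded allocation size wraps around for a large element count, while a saturating calculation makes the allocation fail instead. The names `rec_list`, `open_coded_size`, `saturating_struct_size` and `rec_list_alloc` are hypothetical, and the overflow checks assume the GCC/Clang builtins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record list (assumption, not a kernel structure). The trailing
 * member is a C99 flexible array, items[], not the older items[0] form. */
struct rec_list {
    size_t count;
    uint64_t items[];
};

/* Open-coded size calculation: the multiplication wraps silently for large n. */
static size_t open_coded_size(size_t n)
{
    return sizeof(struct rec_list) + n * sizeof(uint64_t);
}

/* User-space stand-in for struct_size(): saturate to SIZE_MAX on overflow.
 * Uses the GCC/Clang overflow builtins. */
static size_t saturating_struct_size(size_t n)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, sizeof(uint64_t), &bytes) ||
        __builtin_add_overflow(bytes, sizeof(struct rec_list), &bytes))
        return SIZE_MAX;
    return bytes;
}

/* Allocate room for n items; NULL when the size is not representable. */
static struct rec_list *rec_list_alloc(size_t n)
{
    size_t bytes = saturating_struct_size(n);
    struct rec_list *r = (bytes == SIZE_MAX) ? NULL : malloc(bytes);

    if (r)
        r->count = n;
    return r;
}

int main(void)
{
    size_t n = SIZE_MAX / sizeof(uint64_t) + 1; /* constructed oversized count */

    printf("open-coded: %zu bytes\n", open_coded_size(n));
    printf("saturating: %zu bytes\n", saturating_struct_size(n));
    printf("alloc: %s\n", rec_list_alloc(n) ? "succeeded" : "refused");
    return 0;
}
```

With the open-coded form, the oversized count yields a buffer just large enough for the header, so any later write to `items[]` would land outside the allocation; the saturating form turns the same input into a failed allocation.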