Linux 5.18 Released

Linux v5.18 was released on Sunday, May 22nd; the SELinux and audit highlights are below:

SELinux

• Add a new policy capability, “ioctl_skip_cloexec”, which allows the FIOCLEX and FIONCLEX ioctls independently of the loaded SELinux policy when enabled.

• Implement the security_sctp_assoc_established() hook in SELinux to ensure that the SCTP peer labeling behavior is consistent on both the client and server side. The kernel’s SCTP documentation provides more information on how the SCTP peer labeling behavior:

  An SCTP socket will only have one peer label assigned to it. This will be assigned during the establishment of the first association. Any further associations on this socket will have their packet peer label compared to the socket’s peer label, and only if they are different will the association permission be validated. This is validated by checking the socket peer sid against the received packets peer sid to determine whether the association should be allowed or denied.

• Reworked how SELinux processes the filesystem mount contexts in an effort to simplify the kernel code and ensure that memory allocations are not attempted when it is inappropriate, e.g. when a spinlock is held. This work did introduce a new restriction in that the new mount API requires that the SELinux policy is loaded before passing filesystem contexts to the mount API.

• Add SELinux netlink message mappings for RTM_NEWTUNNEL, RTM_DELTUNNEL, RTM_GETTUNNEL, and RTM_SETSTATS. The new tunnel, delete tunnel, and hardware offload stat commands map to the “netlink_route_socket:nlmsg_write” permission while the get tunnel command maps to the “netlink_route_socket:nlmsg_read” permission.

• Fixed problems in the error handling of the kernel’s SELinux policy loading code.

• Fixed a problem with stacked LSMs when accessing a filesystem’s superblock.

• More kernel internal variables and function parameters were marked as constant values to help prevent unintended modification in the SELinux kernel code.

• Fixed a number of RCU variable marking mismatches.

• Minor internal style, type casting, and dead code fixes.

Audit

• Change how the “AUDIT_TIME_*” records are generated such that the time related records are only generated when they are associated with a corresponding syscall. This should help reduce the time related noise in the audit logs.

• Fixed a problem where a task’s audit context might not be properly reset when using io_uring.