Linux 6.0 Released
04 Oct 2022 tags: audit selinux
Linux v6.0 was released on Sunday, October 2nd; the SELinux and audit highlights are below:
SELinux
- Added access controls for the io_uring command passthrough functionality. This allows SELinux to control access to the io_uring command passthroughs at a per-domain level, but unfortunately, due to limitations of the passthrough API, the permission is an all-or-nothing control with respect to the commands sent via io_uring. The patch author, Paul Moore, provides an example of the SELinux policy allow rule one would need to allow the new io_uring functionality:
    Add a SELinux access control for the iouring IORING_OP_URING_CMD command. This includes the addition of a new permission in the existing “io_uring” object class: “cmd”. The subject of the new permission check is the domain of the process requesting access, the object is the open file which points to the device/file that is the target of the IORING_OP_URING_CMD operation. A sample policy rule is shown below:
    allow <domain> <file>:io_uring { cmd };
- Added support for proper labeling of memfd_secret anonymous inodes. This allows LSMs, such as SELinux, that implement the anonymous inode hooks to apply security policy to memfd_secret file descriptors.
- Various small improvements to the SELinux kernel memory management code, including fixing memory leaks, freeing memory when it is no longer needed, randomizing internal data structures, and adding boundary checks to memory accesses.
- Minor documentation fixes for style and formatting issues.
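As an added illustration of where the new "cmd" permission fits, here is a small policy module in kernel policy language; it is not from the post or the kernel patch, and the domain myapp_t and the file type myapp_device_t are hypothetical names standing in for the <domain> and <file> placeholders in the rule quoted above.

```te
# Added example, not from the original post. myapp_t and myapp_device_t
# are hypothetical types chosen for illustration.
module myapp_iouring 1.0;

require {
    type myapp_t;
    type myapp_device_t;
    class io_uring { cmd };
}

# Subject: the domain of the process that submits the IORING_OP_URING_CMD.
# Object:  the type of the open file (device/file) the command targets.
# The "cmd" permission is all-or-nothing: it does not distinguish between
# the individual commands passed through, so the object type should cover
# only the device/file nodes this domain genuinely needs to drive.
allow myapp_t myapp_device_t:io_uring { cmd };
```

With the module loaded, a process in myapp_t may issue passthrough commands against files labeled myapp_device_t and nothing else; a passthrough attempt against any other type surfaces in the audit log as an AVC denial for the io_uring class with the cmd permission, which is the record to look for when confirming that the control is in effect.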
Audit
- Fixed a bug where the syscall return codes were not properly set before the filtering rules were executed. This resolved a problem where audit filter rules involving syscall return codes were not properly triggering on matching syscall events.
- Fixed a potential double free on an fsnotify error path.
- Fixed a memory leak in the io_uring audit code.
- Minor internal improvements to remove redundant code and mark private functions as static.