Linux 6.2 Released
22 Feb 2023 tags: audit selinux

Linux v6.2 was released on Sunday, February 19th; the SELinux and audit highlights are below. Beyond these highlights, LWN.net has summarized the major changes in this release made during the first and second weeks of the merge window.
SELinux
- Increased the deprecation sleep penalty for both the checkreqprot and the runtime disable options from 5 to 15 seconds. With only one problem report, from a neglected test machine, since we started deprecating these configuration options, I expect we will disable both options completely in an upcoming kernel release, likely as soon as Linux v6.4. See the SELinux kernel wiki pages, linked above, for more information if you still rely on either of these options.
- When a new SELinux policy is loaded, the kernel’s internal SELinux label tables need to be updated and converted from the old policy to the new; this is handled by the “sidtab conversion” code. Previously this code relied on indirect function calls for some of its work, but in this kernel release we’ve replaced the indirect calls with direct calls in an effort to make the code cleaner, easier to understand, and more maintainable in the long term.
- Minor changes were made to the security_socket_getpeersec_stream() LSM hook, and SELinux implementation, to match recent changes in the core networking code which impacted the LSM hook’s parameter types.
- Minor changes to support the POSIX ACL updates in the core VFS code.
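For the checkreqprot and runtime disable deprecations above, the following is an added example (not from the original post or the kernel project) of a host check for whether either option is still in use. The function names are hypothetical, and the default paths (/sys/fs/selinux/checkreqprot, /etc/selinux/config, /proc/cmdline) are the usual locations, assumed here rather than taken from the post.

```shell
#!/bin/sh
# Added example: detect reliance on the two deprecated SELinux options.
# Paths are parameters so the checks can run against copies of the files;
# the defaults are the usual locations (an assumption, not from the post).

# Prints "in-use" when checkreqprot is set to 1, "ok" when 0,
# "unknown" when the selinuxfs node cannot be read.
check_checkreqprot() {
    crp_file=${1:-/sys/fs/selinux/checkreqprot}
    [ -r "$crp_file" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$crp_file")" in
        1) echo in-use ;;
        0) echo ok ;;
        *) echo unknown ;;
    esac
}

# SELINUX=disabled in the config file makes userspace request a runtime
# disable unless the kernel was already booted with selinux=0.
# Prints "in-use", "ok-boot-disabled", "ok" or "unknown".
check_runtime_disable() {
    rd_cfg=${1:-/etc/selinux/config}
    rd_cmd=${2:-/proc/cmdline}
    [ -r "$rd_cfg" ] || { echo unknown; return 0; }
    # Last uncommented SELINUX= line wins; SELINUXTYPE= does not match.
    rd_mode=$(sed -n 's/^[[:space:]]*SELINUX=//p' "$rd_cfg" \
        | tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    if [ "$rd_mode" != disabled ]; then
        echo ok
        return 0
    fi
    # Split the kernel command line into one argument per line.
    if [ -r "$rd_cmd" ] && tr -s '[:space:]' '\n' < "$rd_cmd" \
        | grep -qx 'selinux=0'; then
        echo ok-boot-disabled
    else
        echo in-use
    fi
}

# Report on the local host using the default paths.
printf 'checkreqprot:    %s\n' "$(check_checkreqprot)"
printf 'runtime disable: %s\n' "$(check_runtime_disable)"
```

A result of "in-use" means the host will incur the 15 second penalty on v6.2 and should be migrated before the options are removed.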
Audit
- Minor tweaks to the audit filtering code which should provide a small performance improvement.