Linux 6.5 Merge Window
30 Jun 2023 tags: audit selinuxLinux v6.4 was released this past Sunday, with the Linux v6.5 merge window opening immediately afterwards. Below are the highlights of the SELinux and audit pull requests which Linus merged this week.
SELinux
-
Fixed a longstanding issue with MultiPath TCP (MPTCP) where the MPTCP subflows were not labeled properly. Starting in Linux v6.5, MPTCP subflows will now be correctly labeled using the main MPTCP socket instead of the currently executing task. A special thanks to Paolo Abeni, and the other MPTCP developers, for their help on this issue.
-
Fixed an issue where labeled NFS mounts that were mounted prior to the initial SELinux policy load were not properly labeled once the policy was loaded. Now these existing labeled NFS mounts are labeled using the same deferred labeling mechanisms we use for local filesystems.
-
The “fs” object context was deprecated. SELinux policy parser support for this object context was included in the original SELinux kernel patches, but the object context was never utilized and was either ignored or marked as deprecated by all of the available SELinux policy we could find.
-
We continued the SELinux makefile improvements and cleanups we started in Linux v6.4.
-
A small number of code cleanups to remove dead code and generally improve the quality of the SELinux kernel code.
Audit
- A minor fix to resolve some missing function prototype warnings when compiling the kernel.