Linux 6.10 Merge Window

Linux v6.9 was released last week, with the Linux v6.10 merge window opening immediately afterwards. Below are the highlights of the LSM and SELinux pull requests which have been merged into Linus’ tree. Due to the lack of audit patches queued for Linux v6.10, there is no no audit pull request planned for this merge window.

LSM

• Minor cross-LSM update to remove empty sentinel values from the ctl_table arrays.

• Minor updates to the LSM, or “LINUX SECURITY SUBSYSTEM”, entry into the kernel’s MAINTAINERS file to more accurately reflect the LSM files.

SELinux

• Attempt to pre-allocate the SELinux status page so it doesn’t appear to userspace, via the SELinux netlink socket or the getpolicyload tool, that we are skipping SELinux policy sequence numbers.

• Additional error checking for SELinux policy bitmaps at policy load time; invalid bitmaps will result in a failed policy load and an error returned to the user.

• Improve the consistency of variable types used to represent SELinux policy bitmap offsets; the u32 type is now used everywhere. We also corrected a number of printk() format specifiers used when displaying bitmap information.

• Improve the SELinux symbol table hashing function performance and distribution by moving to the djb2a hash function.

• Added additional debug statistics for the conditional rules access vectors, role transitions, object class, and common permission hash tables.

• Minor cleanups and improvements as well as improved error handling in multiple SELinux internal kernel functions.