Linux 7.1 Merge Window
14 Apr 2026 tags: audit lsm selinux

Linux v7.0 was released on Sunday, April 12th, with the Linux v7.1 merge window opening immediately afterwards. Below are the highlights of the LSM, SELinux, and audit pull requests which have been merged into Linus’ tree.
LSM
- A LSM security blob was added to the backing_file structure, along with the associated LSM management hooks, as well as a new hook for controlling the memory mapping of an overlayfs backing file to resolve problems with the mmap(2) and mprotect(2) operations on overlayfs files. Those LSMs which enforce memory mapping access controls on overlayfs files will likely need to use these new additions to ensure proper security policy enforcement.
- Minor changes to leverage kstrdup_const() and kfree_const() in securityfs.
- A number of small kernel-doc warnings were fixed.
SELinux
- Updated the existing SELinux mmap(2) and mprotect(2) access control implementations to leverage the new LSM additions and ensure that security policies involving overlayfs files are properly enforced. Unlike traditional filesystems where only the process acting on the file must have the necessary permissions for an action to succeed, on overlayfs files not only must the process acting on the user-visible file have the necessary permissions, but the filesystem’s mounting process must also have the necessary permissions on the underlying backing file.
- A known, and harmless, race condition was annotated to quiet a KCSAN warning.
Audit
- Additional input checking was added to catch unknown AUDIT_SET requests sent from userspace. Current kernels silently ignore any AUDIT_SET requests that are not understood and only return an error if any of the known requests fail. This makes it difficult for userspace tools to determine what a given kernel supports in an AUDIT_SET request. Starting with Linux v7.1, if an AUDIT_SET request is made where at least one portion of the request is unknown, an -EINVAL error code will be returned to the user.
- A number of small style and formatting cleanups to the audit kernel code.
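
How a userspace tool might build an AUDIT_SET request and interpret the kernel's reply under the old and new behaviour, as an added example that is not part of the original post or of any audit project's code. It assumes the "unknown portion" of a request is a bit in audit_status.mask that the kernel does not recognise; the function and enum names are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <linux/audit.h>   /* AUDIT_SET, struct audit_status, AUDIT_STATUS_* */
#include <linux/netlink.h> /* struct nlmsghdr, struct nlmsgerr, NLMSG_* */

enum set_outcome { SET_OK, SET_REJECTED, SET_FAILED, SET_NO_ACK };

/* Build an AUDIT_SET request; NLM_F_ACK makes the kernel always answer.
 * Returns the message length, or 0 if buf is too small. */
static size_t build_audit_set(void *buf, size_t cap,
                              const struct audit_status *st, __u32 seq)
{
    struct nlmsghdr *nlh = buf;
    size_t len = NLMSG_LENGTH(sizeof(*st));

    if (cap < NLMSG_ALIGN(len))
        return 0;
    memset(buf, 0, NLMSG_ALIGN(len));
    nlh->nlmsg_len = len;
    nlh->nlmsg_type = AUDIT_SET;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    nlh->nlmsg_seq = seq;
    memcpy(NLMSG_DATA(nlh), st, sizeof(*st));
    return len;
}

/* Classify the reply to the request that was sent with sequence number seq. */
static enum set_outcome classify_ack(const void *buf, size_t len, __u32 seq,
                                     int *err)
{
    const struct nlmsghdr *nlh = buf;
    size_t need = NLMSG_LENGTH(sizeof(struct nlmsgerr));
    struct nlmsgerr e;

    *err = 0;
    if (len < need || nlh->nlmsg_len < need || nlh->nlmsg_len > len ||
        nlh->nlmsg_type != NLMSG_ERROR || nlh->nlmsg_seq != seq)
        return SET_NO_ACK;
    memcpy(&e, (const char *)buf + NLMSG_HDRLEN, sizeof(e));
    *err = e.error;
    if (e.error == 0)
        return SET_OK;       /* pre-7.1: unknown parts may have been ignored */
    if (e.error == -EINVAL)
        return SET_REJECTED; /* v7.1+: unknown part, or an invalid value */
    return SET_FAILED;       /* any other errno, e.g. -EPERM */
}
```

On a pre-7.1 kernel SET_OK does not prove that every requested bit was applied, so a tool that needs certainty there still has to read the status back with AUDIT_GET.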