Linux 4.19 Released
28 Nov 2018 tags: audit selinuxWith Linux v4.19 being released on Monday, October 22nd this summary is much later than I would have liked, but with the understanding that “better late than never”, here are the SELinux and audit highlights for Linux v4.19.
SELinux
-
Fix a memory leak in the selinuxfs error handling code. The selinuxfs pseudo filesystem is the SELinux control filesystem which is typically mounted on /sys/fs/selinux.
-
Internal changes to the file open and kernel module loading LSM hooks.
-
Mark more internal data structures as constant (read-only).
-
Internal changes to convert various printk() calls into pr_*() macros.
Audit
-
The SECCOMP and ANOM_ABEND records are now associated with other audit records in the same event.
-
Fixed a problem where the GID/EGID audit filters were not being evaluated correctly. More information can be found in the GitHub issue.
-
Fix a problem where we were not always honoring the audit enabled setting on some configuration changes.
- Expand the executable name filter beyond the exit filter so that it can be used in other audit filter rules. Ondrej Mosnacek provided the following example in the patch description:
# auditctl -a exit,always [some general rule] # auditctl -a exclude,always -F exe=/bin/exe1 # exclude /bin/exe1 # auditctl -a exclude,always -F exe=/bin/exe2 # exclude /bin/exe2An updated audit userspace is required to make use of this new capability.
-
Fixed an internal use-after-free problem that could affect file watches.
-
Renamed the audit filter AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE to better match the actual usage of the filter. The value was preserved, as was the now obsolete AUDIT_FILTER_TYPE name, so there should be no impact to existing userspace applications.
-
Internal changes to adopt the new kernel timekeeping API.
-
Internal changes to better define some magic numbers used inside the audit subsystem.
- Minor coding style fixes.