18 Oct 2016 tags: audit selinux
This post is also a bit late (Linux 4.8 was released on October 2nd), but better late than never. Here is a quick rundown of the SELinux and audit highlights.
SELinux
- Support for RFC 5570, Common Architecture Label IPv6 Security Option (CALIPSO). The CALIPSO implementation included in Linux 4.8 has been tested for interoperability with Solaris TX.
- Bounds checking is now only applied to source types, which should make it much easier to write SELinux policies for sandboxing tools that make use of PR_SET_NO_NEW_PRIVS. Additional details can be found in the commit description.
- A number of bug fixes related to NetLabel, especially the handling of category bitmaps.
- Fixes to ensure that AF_IUCV sockets are properly labeled.
Audit
- Expand the exclude filter to include PID, UID, GID, AUID, LOGINUID_SET, and the various SUBJ fields.
- Internal fixes to both the executable name filter and the execve() argument auditing code to ensure safety and proper operation.
- Add syscall argument masking for s390 applications running on s390x kernels.
14 Oct 2016 tags: apparmor audit ima seccomp selinux smack
I’m writing this post much later than intended, almost two months later to be honest. I had planned to write up my notes on the 2016 Linux Security Summit like I had done in previous years, but a combination of work, work travel, and my own vacation plans kept me from spending any time on this until now. Unfortunately, those two months have fuzzed away enough of the details that I think writing up my thoughts now wouldn’t be tremendously useful.
The good news is that we have recordings of all the presentations this year, a first for the Linux Security Summit. In case you haven’t seen the videos already, I’ve added them all to a YouTube playlist and put the link below. I’ve also provided a link to my presentation on the “State of SELinux”.
Lastly, I want to thank all the speakers, the program committee, and everyone who attended. In my opinion this was our best Linux Security Summit by almost every metric and I’m already looking forward to next year.
05 Aug 2016 tags: audit selinux
I’m on my way back home from my first Flock conference and I can say that I’m very happy I was able to attend. The talks were quite good, especially the presentations and demos around the Fedora Modularity effort, but as usual the real value was getting a chance to talk with other developers and contributors face to face.
At Flock I did give a presentation discussing some of the development kernel testing I’ve been doing over the past year with the SELinux and audit trees. The talk was recorded and once I have a link, I’ll update this post; in the meantime I’ve put a link to the slides (in PDF form) below. If you have any questions I’m always happy to talk over email/Twitter.
UPDATE: The Fedora Project’s video of the presentation has been linked below.