07 Nov 2018 tags: android apparmor audit ima selinux smack
In late October we held the first ever Linux Security Summit in Europe and I'm very happy to see it was well attended and the presentations were of their usual high standard. A big thank you to everyone involved!
Thanks to our sponsors, all of the talks were recorded this year and can be found at the link below.
06 Sep 2018 tags: android apparmor audit ima selinux smack
The 2018 Linux Security Summit for North America wrapped up a couple of weeks ago and it was once again a big success. This year's event was our largest to date, with 220 people registered for the conference. Thank you to James Morris and the rest of the program committee, the speakers, the Linux Foundation, and our sponsors!
Special thanks to Cisco who stepped up at the last minute to sponsor recordings of all the talks this year, available at the link below.
15 Aug 2018 tags: audit selinux
Linux v4.18 was released on Sunday, August 12th; this is a quick summary of the SELinux and audit changes.
Defined a new object class, "xdp_socket", to support the new express data path functionality and AF_XDP sockets.
Enabled SO_PEERSEC, and by extension getpeercon(3), for sockets created by socketpair(2).
Fixed a problem where selinuxfs file accesses could be stalled indefinitely due to the SELinux kernel code attempting to access a userspace memory buffer where page faults are handled by the userfaultfd(2) mechanism. The solution is to change the locking approach in the selinuxfs kernel code so that no selinuxfs locks are held when accessing the userspace buffers. For reference, the selinuxfs filesystem is mounted under "/sys/fs/selinux" on most, if not all, Linux distributions.
A number of small internal changes related to changes in other Linux kernel subsystems.
Changed the audit subsystem's logging policy on SECCOMP events so that it honors the "kernel.seccomp.actions_logged" sysctl and supports the "SECCOMP_FILTER_FLAG_LOG" filter modification and the "SECCOMP_RET_LOG" filter action.
Enabled the "not equal" comparison operator on executable name filter rules.
The FEATURE_CHANGE record is now connected with other associated records, e.g. the SYSCALL record, so that they appear as a single audit record.
The MAC_STATUS and MAC_POLICY_LOAD records were normalized to provide a more consistent record format across different SELinux events.
Fixed a potential NULL pointer dereference when logging a kernel module name and the system is under extreme memory pressure.
A larger than normal number of internal cleanups and interface abstractions, all intended to make upcoming changes easier.