Linux 4.9 Released15 Dec 2016 tags: audit selinux
Linux 4.9 was released the past weekend, on December 11th. Here is a quick summary of the SELinux and audit changes.
Provide proper SELinux support for overlayfs, a filesystem very important for container workloads.
Remove the SECURITY_SELINUX_POLICYDB_VERSION_MAX Kconfig option, its last meaningful use was in the Fedora Core 3 and 4 timeframe.
Additional security policy sanity and bounds checking.
Add AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND to the audit kernel feature bitmap to indicate the expanded exclude filters merged in Linux 4.8.
Fix a number of problems in the code to ensure that the PIDs recorded in various audit records always match userspace's view of the process/PID.
Prefix the "ioctlcmd" field data with a "0x" to indicate the value is represented in hexadecimal.