Linux 4.3 Released
02 Nov 2015 tags: audit selinux
Linux Kernel 4.3 was released yesterday, and with it come new functionality and fixes for both SELinux and audit.
Finer-grained access controls for ioctl() commands. Policy authors can now allow or deny individual ioctl commands in SELinux policy, whereas previously the ioctl permission covered the syscall as a whole, so a domain that needed one command on a device had to be granted every command the driver implements.
Fixes to the kernel’s mdp tool so that it works with current versions of the checkpolicy policy compiler. For those of you who aren’t aware, the mdp tool, which lives in the kernel tree under scripts/selinux/mdp, generates a bare-bones dummy policy for SELinux.
Internal improvements to object class initialization and handling.
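As an added example (not code from this post or from the kernel), the program below shows the part of the new ioctl check that trips people up: SELinux compares only the low 16 bits of the ioctl request number, the "driver" byte (the _IOC_TYPE field) and the function byte (the _IOC_NR field), and ignores the direction and argument-size bits in the high half. The helper also renders the matching allowxperm policy statement. The type names myapp_t and mydev_t and the _IOR('T', 1, int) request are constructed for illustration and are not real policy or a real ioctl.

```c
/* Added example, not code from the post or the kernel: how an ioctl
 * request number maps onto the 16-bit value that SELinux ioctl extended
 * permissions (policy "allowxperm ... ioctl { ... }") check, and why two
 * different requests can collide on it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>

/* Fallbacks so the file also builds where <sys/ioctl.h> lacks these. */
#ifndef TCGETS
#define TCGETS 0x5401
#endif
#ifndef FIONREAD
#define FIONREAD 0x541B
#endif
#ifndef SIOCGIFADDR
#define SIOCGIFADDR 0x8915
#endif
#ifndef _IOR
#define _IOC(dir, type, nr, size) (((dir) << 30) | ((size) << 16) | ((type) << 8) | (nr))
#define _IOR(type, nr, argtype) _IOC(2UL, (type), (nr), sizeof(argtype))
#endif

/* The kernel's ioctl_has_perm() passes only the low 16 bits of the request
 * to the extended-permission check: bits 15..8 are the "driver" (_IOC_TYPE)
 * and bits 7..0 the function (_IOC_NR). Direction and argument size, which
 * live in the high 16 bits, are not consulted. */
uint16_t selinux_ioctl_xperm(unsigned long cmd)
{
    return (uint16_t)(cmd & 0xffffU);
}

uint8_t selinux_ioctl_driver(unsigned long cmd)
{
    return (uint8_t)(selinux_ioctl_xperm(cmd) >> 8);
}

uint8_t selinux_ioctl_function(unsigned long cmd)
{
    return (uint8_t)(selinux_ioctl_xperm(cmd) & 0xffU);
}

/* Two distinct requests are indistinguishable to the xperm check whenever
 * they share the low 16 bits, even if their size or direction differ. */
int selinux_ioctl_xperm_collides(unsigned long a, unsigned long b)
{
    return a != b && selinux_ioctl_xperm(a) == selinux_ioctl_xperm(b);
}

/* Render an allowxperm rule for a set of request numbers. The type and
 * class names are whatever the caller's policy uses. Returns the length
 * written, as snprintf would. */
int format_allowxperm(char *out, size_t outlen, const char *src,
                      const char *tgt, const char *tclass,
                      const unsigned long *cmds, size_t ncmds)
{
    int n = snprintf(out, outlen, "allowxperm %s %s:%s ioctl {", src, tgt, tclass);
    for (size_t i = 0; i < ncmds && n >= 0 && (size_t)n < outlen; i++)
        n += snprintf(out + n, outlen - n, " 0x%04x", selinux_ioctl_xperm(cmds[i]));
    if (n >= 0 && (size_t)n < outlen)
        n += snprintf(out + n, outlen - n, " };");
    return n;
}

int main(void)
{
    /* myapp_t / mydev_t are made-up type names for illustration. */
    const unsigned long cmds[] = { TCGETS, FIONREAD, SIOCGIFADDR };
    char rule[256];

    format_allowxperm(rule, sizeof rule, "myapp_t", "mydev_t", "chr_file", cmds, 3);
    puts(rule);

    /* A constructed request that is NOT a real ioctl: same type 'T' and
     * number 1 as TCGETS, but with a direction and size encoded, so the
     * full number differs while the value SELinux checks is identical. */
    unsigned long fake = _IOR('T', 1, int);
    printf("TCGETS=0x%lx fake=0x%lx collide=%d\n", (unsigned long)TCGETS, fake,
           selinux_ioctl_xperm_collides(TCGETS, fake));
    return 0;
}
```

The practical consequence is that a policy rule written for one command also grants any other command on the same object class whose type and number bytes match; when auditing which commands a domain needs, collect the low 16 bits from the AVC denial's ioctlcmd field rather than the full request number from the program's source.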
Allow the creation of audit rules based on executable pathnames. Before this change administrators had to select processes in audit rules by PID, which is limiting because a PID is only known after the process has started and changes on every execution. This new functionality lets administrators specify the pathname of an executable, and any process running that executable is then audited. Unfortunately, the audit userspace tools do not yet have the necessary support to use this new functionality, but it should be coming in the next release.
Fixes to internal audit reference counters.
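Since the userspace tools did not yet expose the executable filter at the time of this post, the following added example (not code from the post, the kernel, or audit-userspace) builds the rule directly in the netlink format the kernel consumes: an exit-filter rule for the execve syscall with an arch field and the new AUDIT_EXE string field, which is the kernel-side equivalent of an auditctl rule with an exe= filter. The target path /usr/bin/passwd and the x86_64 arch are illustrative choices; loading the rule requires CAP_AUDIT_CONTROL and a 4.3 or later kernel, and the program reports the kernel's acknowledgement either way.

```c
/* Added example, not code from the post, the kernel, or audit-userspace:
 * builds and (if privileged) loads an audit rule meaning "audit execve
 * syscalls made by processes whose executable is PATH", i.e. an AUDIT_EXE
 * string field on the exit filter. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <linux/audit.h>
#include <linux/netlink.h>

#ifndef AUDIT_EXE
#define AUDIT_EXE 112   /* field type added in 4.3; older headers lack it */
#endif

/* Allocate and fill the equivalent of
 *   -a always,exit -F arch=<arch> -S <syscall_nr> -F exe=<path>
 * Returns a malloc'd rule and its wire length in *len_out, or NULL if the
 * path is empty or longer than the kernel accepts. */
struct audit_rule_data *build_exe_rule(uint32_t arch, int syscall_nr,
                                       const char *path, size_t *len_out)
{
    size_t plen = strlen(path);
    if (plen == 0 || plen > 4096)
        return NULL;

    struct audit_rule_data *r = calloc(1, sizeof *r + plen);
    if (r == NULL)
        return NULL;

    r->flags = AUDIT_FILTER_EXIT;    /* evaluated at syscall exit */
    r->action = AUDIT_ALWAYS;

    /* Syscall selection is a bitmask indexed by syscall number. */
    r->mask[syscall_nr / 32] |= 1U << (syscall_nr % 32);

    /* Field 0: arch=<arch>, an integer comparison. */
    r->fields[0] = AUDIT_ARCH;
    r->values[0] = arch;
    r->fieldflags[0] = AUDIT_EQUAL;

    /* Field 1: exe=<path>. String fields carry their length in values[]
     * and their bytes, unterminated and in field order, in buf[]. */
    r->fields[1] = AUDIT_EXE;
    r->values[1] = (uint32_t)plen;
    r->fieldflags[1] = AUDIT_EQUAL;
    memcpy(r->buf, path, plen);

    r->field_count = 2;
    r->buflen = (uint32_t)plen;
    *len_out = sizeof *r + plen;
    return r;
}

/* Send the rule as AUDIT_ADD_RULE over NETLINK_AUDIT and wait for the
 * kernel's ack. Returns 0 on success, -1 with errno set otherwise; a
 * pre-4.3 kernel answers EINVAL because it does not know field 112. */
int send_audit_rule(const void *rule, size_t len)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    union { struct nlmsghdr h; char raw[NLMSG_SPACE(sizeof(struct nlmsgerr)) + 64]; } ack;
    struct nlmsghdr *msg = calloc(1, NLMSG_SPACE(len));
    int fd, rc = -1;

    if (msg == NULL)
        return -1;
    msg->nlmsg_len = NLMSG_LENGTH(len);
    msg->nlmsg_type = AUDIT_ADD_RULE;
    msg->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    memcpy(NLMSG_DATA(msg), rule, len);

    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd >= 0 &&
        sendto(fd, msg, msg->nlmsg_len, 0, (struct sockaddr *)&kernel, sizeof kernel) >= 0 &&
        recv(fd, &ack, sizeof ack, 0) >= (ssize_t)NLMSG_LENGTH(sizeof(struct nlmsgerr))) {
        const struct nlmsgerr *e = NLMSG_DATA(&ack.h);
        if (e->error == 0)
            rc = 0;
        else
            errno = -e->error;
    }
    if (fd >= 0)
        close(fd);
    free(msg);
    return rc;
}

int main(int argc, char **argv)
{
    /* /usr/bin/passwd and x86_64 are illustrative; adjust for your system. */
    const char *path = argc > 1 ? argv[1] : "/usr/bin/passwd";
    size_t len = 0;
    struct audit_rule_data *r = build_exe_rule(AUDIT_ARCH_X86_64, SYS_execve, path, &len);
    if (r == NULL) {
        fputs("bad path\n", stderr);
        return 1;
    }
    printf("rule: %zu bytes, %u fields, exe=%.*s\n", len, r->field_count, (int)r->buflen, r->buf);
    if (send_audit_rule(r, len) < 0)
        fprintf(stderr, "not loaded: %s (needs CAP_AUDIT_CONTROL and a 4.3+ kernel)\n", strerror(errno));
    else
        puts("rule loaded");
    free(r);
    return 0;
}
```

Once the rule is loaded, every execve by a process whose executable is the given path produces a SYSCALL record at syscall exit, regardless of the PID; the rule selects on the task's executable, so a process that replaces its image via execve is matched on the new image from that call onward.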