Linux 4.18 Released15 Aug 2018 tags: audit selinux
Linux v4.18 was released on Sunday, August 12th; this is a quick summary of the SELinux and audit changes.
Defined a new object class, "xdp_socket", to support the new express data path functionality and AF_XDP sockets.
Fixed a problem where selinuxfs file accesses could be stalled indefinitely due to the SELinux kernel code attempting to access a userspace memory buffer where page faults are handled by the userfaultfd(2) mechanism. The solution is to change the locking approach in the selinuxfs kernel code so that no selinuxfs locks are held when accessing the userspace buffers. For reference, the selinuxfs filesystem is mounted under "/sys/fs/selinux" on most, if not all, Linux distributions.
A number of small internal changes related to changes in other Linux Kernel subsystems.
Changed the audit subsystem's logging policy on SECCOMP events so that it honors the "kernel.seccomp.actions_logged" sysctl and supports the "SECCOMP_FILTER_FLAG_LOG" filter modification and the "SECCOMP_RET_LOG" filter action.
Enabled the "not equal" comparison operator on executable name filter rules.
The FEATURE_CHANGE record is now connected with other associated records, e.g. the SYSCALL record, so that they appear as a single audit record.
The MAC_STATUS and MAC_POLICY_LOAD records were normalized to provide a more consistent record format across different SELinux events.
Fixed a potential NULL pointer dereference when logging a kernel module name and the system is under extreme memory pressure.
A larger than normal number of internal cleanups and interface abstractions all intended to make upcoming changes easier.