Linux 6.11 Merge Window
Paul Moore Blog
by Paul Moore
1w ago
Linux v6.10 was released on Sunday, with the Linux v6.11 merge window opening immediately afterwards. Below are the highlights of the LSM and SELinux pull requests which have been merged into Linus’ tree. Due to the lack of audit patches queued for Linux v6.11, there is no audit pull request planned for this merge window.
LSM
Rewrite the LSM’s inode extended attribute, aka xattr, control points to resolve an issue involving capabilities where legacy behaviors were impacting the support of multiple simultaneous LSMs. The LSM framework, as well as the associated SELinux and Smack code, was chan ...
Linux 6.10 Released
Paul Moore Blog
by Paul Moore
1w ago
Linux v6.10 was released on Sunday, July 14th. I already wrote up a post highlighting the LSM, SELinux, and audit changes that were submitted during the merge window, however there were additional changes that went in during the release candidate process which are described below.
LSM
Resolve a potential kernel panic caused by blocking allocations in the IMA code while in a RCU critical section. The blocking allocation causes a premature end to the critical section which can result in a use-after-free fault in some situations. Improvements to the extended attribute (xattr) copy-up code to ...
Linux 6.10 Merge Window
Paul Moore Blog
by Paul Moore
1w ago
Linux v6.9 was released last week, with the Linux v6.10 merge window opening immediately afterwards. Below are the highlights of the LSM and SELinux pull requests which have been merged into Linus’ tree. Due to the lack of audit patches queued for Linux v6.10, there is no audit pull request planned for this merge window.
LSM
Minor cross-LSM update to remove empty sentinel values from the ctl_table arrays. Minor updates to the LSM, or “LINUX SECURITY SUBSYSTEM”, entry into the kernel’s MAINTAINERS file to more accurately reflect the LSM files.
SELinux
Attempt to pre-allocate the SELinux ...
Linux 6.9 Released
Paul Moore Blog
by Paul Moore
2M ago
Linux v6.9 was released on Sunday, May 12th. I already wrote up a post highlighting the LSM, SELinux, and audit changes that were submitted during the merge window, however there were additional changes that went in during the release candidate process which are described below.
LSM
Change the size_t parameter types in the new LSM syscalls to u32 to avoid differences between 32-bit and 64-bit systems. This change was backported to the Linux v6.8 stable kernel. Fix a problem where passing a NULL buffer into the lsm_get_self_attr(2) syscall via the ctx parameter resulted in an error. Passing ...
Linux 6.9 Merge Window
Paul Moore Blog
by Paul Moore
4M ago
Linux v6.8 was released this past Sunday, with the Linux v6.9 merge window opening immediately afterwards. Below are the highlights of the LSM, SELinux, and audit pull requests which Linus has merged into his tree.
LSM
The Linux Integrity Subsystem, more commonly known as IMA, or IMA/EVM, has been integrated into the LSM framework. Prior to the start of the LSM stacking work it was important that IMA/EVM remain separate from the rest of the LSMs as it was the only way to enable IMA/EVM at the same time as a LSM, e.g. SELinux. However, now that the bulk of the LSM infrastructure supports mult ...
Linux 6.8 Released
Paul Moore Blog
by Paul Moore
4M ago
Linux v6.8 was released on Sunday, March 10th. I already wrote up a post highlighting the LSM, SELinux, and audit changes that were submitted during the merge window, however there were additional changes that went in during the release candidate process which are described below.
LSM
Fix a potential integer overflow bug when sanity checking the size of an argument to the lsm_set_self_attr(2) syscall. Fix a couple of problems relating to a mismatch between the expected default return value of a LSM hook and the actual default value. While the return value mismatches are not new, the recent ...
Linux 6.8 Merge Window
Paul Moore Blog
by Paul Moore
4M ago
Linux v6.7 was released this past Sunday, with the Linux v6.8 merge window opening immediately afterwards. Recently I’ve started writing up the highlights of the SELinux and audit pull requests sent to Linus, but starting with the Linux v6.8 merge window I’m also going to start including the Linux Security Module (LSM) layer highlights. I’m including the LSM in these summaries because with the start of Linux v6.8 the LSM layer itself is taking a step forward in terms of user visibility and I want users, administrators, developers, and distros to be aware of changes that could impact their syst ...
Linux 6.7 Released
Paul Moore Blog
by Paul Moore
7M ago
Linux v6.7 was released on Sunday, January 7th. I already wrote up a post highlighting the SELinux and audit changes that were submitted during the merge window, however there were additional changes that went in during the release candidate process which are described below.
SELinux
Minor changes to the SELinux credential code as part of the larger effort to remove CONFIG_DEBUG_CREDENTIALS. This should have little to no effect on SELinux.
Audit
Remove a WARN_ON_ONCE() based warning in the audit exe filter code as it was causing a lot of scary looking, but harmless, warnings on the console ...
Linux 6.7 Merge Window
Paul Moore Blog
by Paul Moore
9M ago
Linux v6.6 was released this past Monday, with the Linux v6.7 merge window opening immediately afterwards. Below are the highlights of the SELinux and audit pull requests which Linus has merged into his tree.
SELinux
The CONFIG_SECURITY_SELINUX_DEBUG Kconfig option introduced in Linux v6.6 was enhanced to enable the SELinux debugging messages on the console by default. Those users who wish to have greater control over the SELinux debugging messages should enable Dynamic Debug. A number of SELinux internal hash table related improvements were made in this kernel release. The role transition ...
Linux 6.5 Released
Paul Moore Blog
by Paul Moore
11M ago
Linux v6.5 was released on Sunday, August 27th. I already wrote up a post highlighting the SELinux and audit changes that were submitted during the merge window, but there was one minor change worth mentioning that occurred during the release candidate process, it’s described below.
SELinux
A small fix to ensure that an internal data structure is properly initialized before use. Prior to this fix an error condition when loading the SELinux policy had the potential to result in a memory fault caused by walking off the end of a linked list. In addition to my highlights, LWN.net provides a nice ...
