Here’s a summary of the SELinux-related changes in the recently released 2.6.17 kernel.

Alexey Dobriyan

• Endian fix, for confusion of ntohs() & htons().

Darrel Goeddel

• Support for context-based audit filtering, allowing various components of the SELinux security context to be used as audit filter selectors.

Steve Grubb

• Hardwire important SE Linux events to the audit subsystem.
• Various audit/SELinux integration.
• Only gather SELinux context strings for inodes if an audit event is being generated, makes considerable performance savings.

Serge Hallyn

• Check for failed kmalloc in security_sid_to_context(), nice bugfix

Dustin Kirkland

• Capture SELinux subject/object context information, which distinguishes subjects and objects in audit records.

Ingo Molnar

• Semaphore to mutex conversion.

James Morris

• Add slab cache for inode security struct. This saves a lot of kernel memory (more than 500K on a 64-bit machine).
• Various selinuxfs cleanups.

Jamal Hadi Salim

• Update SELinux handling of XFRM Netlink messages.

Stephen Smalley

• Disable automatic labeling of new inodes when no policy is loaded. This stops SELinux from setting the default ‘unlabeled’ label on new disk inodes if no policy is loaded, to work around some obscure cases where systems later have incorrect (but safe) labels on files.
• Fix sb_lock/sb_security_lock nesting, detected by Ingo’s lock validator.
• Clear selinux_enabled flag upon runtime disable, bugfix.

Ron Yorston

• Fix MLS compatibility off-by-one bug

Catherine Zhang

• TCP/UDP getpeersec. This provides a mechanism for applications to determine the security context of peers they’re communicating with, via IPSec xfrm labeling. For TCP, there’s a new SO_GETPEERSEC option for getsockopt() which returns the peer security context. For UDP, the peer security context may be retrieved on a per-message basis after setting a new IP_PASSEC socket option, then accessing the value via CMSG auxiliary data.
• Authorize deletion of IPSec/xfrm labeling policies.