Here’s a summary of the SELinux-related changes in the recently released 2.6.17 kernel.
- Endian fix, for confusion of ntohs() & htons().
- Support for context-based audit filtering, allowing various components of the SELinux security context to be used as audit filter selectors.
- Hardwire important SE Linux events to the audit subsystem.
- Various audit/SELinux integration.
- Only gather SELinux context strings for inodes if an audit event is being generated, makes considerable performance savings.
- Check for failed kmalloc in security_sid_to_context(), nice bugfix
- Capture SELinux subject/object context information, which distinguishes subjects and objects in audit records.
- Add slab cache for inode security struct. This saves a lot of kernel memory (more than 500K on a 64-bit machine).
- Various selinuxfs cleanups.
Jamal Hadi Salim
- Disable automatic labeling of new inodes when no policy is loaded. This stops SELinux from setting the default ‘unlabeled’ label on new disk inodes if no policy is loaded, to work around some obscure cases where systems later have incorrect (but safe) labels on files.
- Fix sb_lock/sb_security_lock nesting, detected by Ingo’s lock validator.
- Clear selinux_enabled flag upon runtime disable, bugfix.
- TCP/UDP getpeersec. This provides a mechanism for applications to determine the security context of peers they’re communicating with, via IPSec xfrm labeling. For TCP, there’s a new SO_GETPEERSEC option for getsockopt() which returns the peer security context. For UDP, the peer security context may be retrieved on a per-message basis after setting a new IP_PASSEC socket option, then accessing the value via CMSG auxiliary data.
- Authorize deletion of IPSec/xfrm labeling policies.