Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

selinux: increase the deprecation sleep for checkreqprot and runtime disable 

Further the checkreqprot and runtime disable deprecation efforts by
increasing the sleep time from 5 to 15 seconds to help make this more
noticeable for any users who are still using these knobs.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2022-09-22 21:50:22 -04:00
parent 9abf2313ad
commit e0d8259355
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/selinux/selinuxfs.c
View File

@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
*/
pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
ssleep(5);
ssleep(15);
if (count >= PAGE_SIZE)
return -ENOMEM;
@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
checkreqprot_set(fsi->state, (new_value ? 1 : 0));
if (new_value)
ssleep(5);
ssleep(15);
length = count;
selinux_ima_measure_state(fsi->state);