author | Paul Moore <paul@paul-moore.com> | 2022-03-01 17:53:01 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2022-04-04 16:20:51 -0400 |
commit | 43b666622c60bc001f2f8a19f5f97946ff53a5cc | |
tree | 4ff2512ec24ba3e83cd6030aaa6addc6e38047cc /security/selinux | |
parent | 0a9876f36b08706d9954d8ccb42d0cd85f210333 | |

selinux: runtime disable is deprecated, add some ssleep() discomfort

We deprecated the SELinux runtime disable functionality in Linux
v5.6, and it is time to get a bit more serious about removing it.
Add a five second sleep to anyone using it to help draw their
attention to the deprecation and provide a URL which helps explain
things in more detail, including how to add kernel command line
parameters to some of the more popular Linux distributions.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/selinuxfs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 097c6d866ec4..6568bc48cd3e 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -293,6 +293,8 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, * kernel releases until eventually it is removed */ pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n"); + pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); + ssleep(5); if (count >= PAGE_SIZE) return -ENOMEM; |
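
Review bot: The new ssleep(5) in sel_write_disable() sits ahead of the `if (count >= PAGE_SIZE)` check, so a write that is about to be rejected with -ENOMEM still blocks the caller for five seconds and emits both pr_err() lines. If the delay is meant only for callers that actually attempt the disable, move the two added lines below the input validation. If it is meant for every write to this node, say so in the comment above, since the commit message describes it as applying to "anyone using it". Two smaller points on the same lines: the pr_err() calls are not rate limited, so repeated writes will fill the kernel log with the same two messages (a once-only or rate-limited variant would keep the warning visible without the noise), and the literal 5 would read better as a named constant so the delay can be raised in later releases, as the surrounding comment anticipates, without hunting for the call site.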