summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2022-09-22 21:50:22 -0400
committerPaul Moore <paul@paul-moore.com>2022-10-17 16:15:30 -0400
commite0d8259355cb846f9cf2e38f6ba3430aecb9ebcc (patch)
tree7b97c7b94d629a8c7ff93d8f8698ac3c24b3cfaa /security
parent9abf2313adc1ca1b6180c508c25f22f9395cc780 (diff)
selinux: increase the deprecation sleep for checkreqprot and runtime disable
Further the checkreqprot and runtime disable deprecation efforts by increasing the sleep time from 5 to 15 seconds to help make this more noticeable for any users who are still using these knobs. Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/selinuxfs.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index a00d19139436..0a6894cdc54d 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
*/
pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
- ssleep(5);
+ ssleep(15);
if (count >= PAGE_SIZE)
return -ENOMEM;
@@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
checkreqprot_set(fsi->state, (new_value ? 1 : 0));
if (new_value)
- ssleep(5);
+ ssleep(15);
length = count;
selinux_ima_measure_state(fsi->state);