review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Stephen Smalley <sds@tycho.nsa.gov>
	Wed, 8 Jan 2020 16:24:47 +0000 (11:24 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 10 Feb 2020 15:49:01 +0000 (10:49 -0500)
commit	e9c38f9fc2ccd31befe1bb1605b69213483a15b7
tree	281e142f528909787ffc92dab94acfc0593d9474	tree \| snapshot
parent	4b36cb773a8153417a080f8025d522322f915aea	commit \| diff

Documentation,selinux: deprecate setting checkreqprot to 1

Deprecate setting the SELinux checkreqprot tunable to 1 via kernel
parameter or /sys/fs/selinux/checkreqprot. Setting it to 0 is left
intact for compatibility since Android and some Linux distributions
do so for security and treat an inability to set it as a fatal error.
Eventually setting it to 0 will become a no-op and the kernel will
stop using checkreqprot's value internally altogether.

checkreqprot was originally introduced as a compatibility mechanism
for legacy userspace and the READ_IMPLIES_EXEC personality flag.
However, if set to 1, it weakens security by allowing mappings to be
made executable without authorization by policy. The default value
for the SECURITY_SELINUX_CHECKREQPROT_VALUE config option was changed
from 1 to 0 in commit 2a35d196c160e3 ("selinux: change
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and both Android
and Linux distributions began explicitly setting
/sys/fs/selinux/checkreqprot to 0 some time ago.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Documentation/ABI/obsolete/sysfs-selinux-checkreqprot	[new file with mode: 0644]	blob
Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
MAINTAINERS		diff \| blob \| history
security/selinux/Kconfig		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/selinux/selinuxfs.c		diff \| blob \| history