diff options
| author | Paul Moore <paul@paul-moore.com> | 2025-05-01 15:18:56 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-06-16 18:44:03 -0400 |
| commit | 8a71d8fa55760eb7f6b1c8a96e771e2678625b9c (patch) | |
| tree | 9cd4c283b2ebed63cb707ccc2f2a45e0a2be914c /security | |
| parent | Merge tag 'vfs-6.16-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/g... (diff) | |
| download | linux-8a71d8fa55760eb7f6b1c8a96e771e2678625b9c.tar.gz linux-8a71d8fa55760eb7f6b1c8a96e771e2678625b9c.zip | |
selinux: add a 5 second sleep to /sys/fs/selinux/user
Commit d7b6918e22c7 ("selinux: Deprecate /sys/fs/selinux/user") started
the deprecation process for /sys/fs/selinux/user:
The selinuxfs "user" node allows userspace to request a list
of security contexts that can be reached for a given SELinux
user from a given starting context. This was used by libselinux
when various login-style programs requested contexts for
users, but libselinux stopped using it in 2020.
Kernel support will be removed no sooner than Dec 2025.
A pr_warn() message has been in place since Linux v6.13, this patch
adds a five second sleep to /sys/fs/selinux/user to help make the
deprecation and upcoming removal more noticeable.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/selinuxfs.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e67a8ce4b64c..95765374f58d 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1072,6 +1072,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!" " This will not be supported in the future; please update your" " userspace.\n", current->comm, current->pid); + ssleep(5); length = avc_has_perm(current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__COMPUTE_USER, |