selinux: Deprecate /sys/fs/selinux/user
The only known user of this interface was libselinux and its internal usage of this interface for get_ordered_context_list(3) was removed in Feb 2020, with a deprecation warning added to security_compute_user(3) at the same time. Add a deprecation warning to the kernel and schedule it for final removal in 2025. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
9aba55b1fb
commit
d7b6918e22
12
Documentation/ABI/obsolete/sysfs-selinux-user
Normal file
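--- a/Documentation/ABI/obsolete/sysfs-selinux-user
+++ b/Documentation/ABI/obsolete/sysfs-selinux-user
@@ -0,0 +1,12 @@
+What: /sys/fs/selinux/user
+Date: April 2005 (predates git)
+KernelVersion: 2.6.12-rc2 (predates git)
+Contact: selinux@vger.kernel.org
+Description:
+
+The selinuxfs "user" node allows userspace to request a list
+of security contexts that can be reached for a given SELinux
+user from a given starting context. This was used by libselinux
+when various login-style programs requested contexts for
+users, but libselinux stopped using it in 2020.
+Kernel support will be removed no sooner than Dec 2025.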
@ -1069,6 +1069,10 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
|
|||||||
int rc;
|
int rc;
|
||||||
u32 i, len, nsids;
|
u32 i, len, nsids;
|
||||||
|
|
||||||
|
pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
|
||||||
|
" This will not be supported in the future; please update your"
|
||||||
|
" userspace.\n", current->comm, current->pid);
|
||||||
|
|
||||||
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
|
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
|
||||||
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
|
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
|
||||||
NULL);
|
NULL);
|
||||||
|
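Review bot: The `pr_warn_ratelimited()` call is placed before the `avc_has_perm()` check for `SECURITY__COMPUTE_USER`, so a write that policy then denies still logs the deprecation line and draws on the same rate-limit budget as an authorised caller. If the node is writable by unprivileged tasks (the file mode is not visible in this hunk), the entry naming the real legacy caller can be dropped. Moving the call below the permission check's error path, which lies outside this hunk in the rest of `sel_write_user()`, would limit the message to callers that policy allows, while denied attempts would normally still show up as AVC denials. `current->comm` is set by the task itself, so anything consuming this log line should treat the name as a hint and key on the pid. As a style point, the message is split across three string literals, which makes it hard to grep for; kernel style keeps a user-visible string on one line.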