summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorStephen Smalley <stephen.smalley.work@gmail.com>2024-10-04 13:27:10 -0400
committerPaul Moore <paul@paul-moore.com>2024-10-07 16:39:49 -0400
commitd7b6918e22c74f2b354d8dc0ef31ab17ae334b93 (patch)
tree7c1a3eef40d3cc8c52563aa0bb8644eac7169b18 /security
parent9aba55b1fbefcbba48333db3f2b77b086172a1cb (diff)
selinux: Deprecate /sys/fs/selinux/user
The only known user of this interface was libselinux and its internal usage of this interface for get_ordered_context_list(3) was removed in Feb 2020, with a deprecation warning added to security_compute_user(3) at the same time. Add a deprecation warning to the kernel and schedule it for final removal in 2025. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/selinuxfs.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e172f182b65c..234f4789b787 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1069,6 +1069,10 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
int rc;
u32 i, len, nsids;
+ pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
+ " This will not be supported in the future; please update your"
+ " userspace.\n", current->comm, current->pid);
+
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
NULL);