
[RFC] selinux: checkreqprot is deprecated, add some ssleep() discomfort

Message ID 164677751730.170741.6493351205403681020.stgit@olly (mailing list archive)
State Accepted
Delegated to: Paul Moore

Commit Message

Paul Moore March 8, 2022, 10:11 p.m. UTC
The checkreqprot functionality was disabled by default back in
Linux v4.4 (2015) with commit 2a35d196c160e3 ("selinux: change
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and it was
officially marked as deprecated in Linux v5.7.  It was always a
bit of a hack to work around very old userspace and to the best of
our knowledge, the checkreqprot functionality has been disabled by
Linux distributions for quite some time.

This patch moves the deprecation messages from KERN_WARNING to
KERN_ERR and adds a five second sleep to anyone using it to help
draw their attention to the deprecation and provide a URL which
helps explain things in more detail.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/selinux/hooks.c            |    4 +++-
 security/selinux/include/security.h |    6 ++++++
 security/selinux/selinuxfs.c        |    4 ++--
 3 files changed, 11 insertions(+), 3 deletions(-)

Comments

Paul Moore March 8, 2022, 10:13 p.m. UTC | #1
On Tue, Mar 8, 2022 at 5:11 PM Paul Moore <paul@paul-moore.com> wrote:
>
> The checkreqprot functionality was disabled by default back in
> Linux v4.4 (2015) with commit 2a35d196c160e3 ("selinux: change
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and it was
> officially marked as deprecated in Linux v5.7.  It was always a
> bit of a hack to workaround very old userspace and to the best of
> our knowledge, the checkreqprot functionality has been disabled by
> Linux distributions for quite some time.
>
> This patch moves the deprecation messages from KERN_WARNING to
> KERN_ERR and adds a five second sleep to anyone using it to help
> draw their attention to the deprecation and provide a URL which
> helps explain things in more detail.
>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
>  security/selinux/hooks.c            |    4 +++-
>  security/selinux/include/security.h |    6 ++++++
>  security/selinux/selinuxfs.c        |    4 ++--
>  3 files changed, 11 insertions(+), 3 deletions(-)

As with the runtime disable RFC, comments on the wiki text are welcome as well.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index b12e14b2797b..cff129f96e97 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -146,7 +146,7 @@ static int __init checkreqprot_setup(char *str)
>         if (!kstrtoul(str, 0, &checkreqprot)) {
>                 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
>                 if (checkreqprot)
> -                       pr_warn("SELinux: checkreqprot set to 1 via kernel parameter.  This is deprecated and will be rejected in a future kernel release.\n");
> +                       pr_err("SELinux: checkreqprot set to 1 via kernel parameter.  This is deprecated and will be rejected in a future kernel release.\n");
>         }
>         return 1;
>  }
> @@ -7295,6 +7295,8 @@ static __init int selinux_init(void)
>
>         memset(&selinux_state, 0, sizeof(selinux_state));
>         enforcing_set(&selinux_state, selinux_enforcing_boot);
> +       if (CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE)
> +               pr_err("SELinux: CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is non-zero.  This is deprecated and will be rejected in a future kernel release.\n");
>         checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
>         selinux_avc_init(&selinux_state.avc);
>         mutex_init(&selinux_state.status_lock);
> diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
> index ace4bd13e808..f7e6be63adfb 100644
> --- a/security/selinux/include/security.h
> +++ b/security/selinux/include/security.h
> @@ -16,6 +16,8 @@
>  #include <linux/rcupdate.h>
>  #include <linux/refcount.h>
>  #include <linux/workqueue.h>
> +#include <linux/delay.h>
> +#include <linux/printk.h>
>  #include "flask.h"
>  #include "policycap.h"
>
> @@ -150,6 +152,10 @@ static inline bool checkreqprot_get(const struct selinux_state *state)
>
>  static inline void checkreqprot_set(struct selinux_state *state, bool value)
>  {
> +       if (value) {
> +               pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n");
> +               ssleep(5);
> +       }
>         WRITE_ONCE(state->checkreqprot, value);
>  }
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 6568bc48cd3e..6c8b6a0ddecf 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -757,8 +757,8 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
>                 char comm[sizeof(current->comm)];
>
>                 memcpy(comm, current->comm, sizeof(comm));
> -               pr_warn_once("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
> -                            comm, current->pid);
> +               pr_err("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
> +                      comm, current->pid);
>         }
>
>         checkreqprot_set(fsi->state, (new_value ? 1 : 0));
>
Paul Moore April 4, 2022, 8:25 p.m. UTC | #2
On Tue, Mar 8, 2022 at 5:11 PM Paul Moore <paul@paul-moore.com> wrote:
>
> The checkreqprot functionality was disabled by default back in
> Linux v4.4 (2015) with commit 2a35d196c160e3 ("selinux: change
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and it was
> officially marked as deprecated in Linux v5.7.  It was always a
> bit of a hack to workaround very old userspace and to the best of
> our knowledge, the checkreqprot functionality has been disabled by
> Linux distributions for quite some time.
>
> This patch moves the deprecation messages from KERN_WARNING to
> KERN_ERR and adds a five second sleep to anyone using it to help
> draw their attention to the deprecation and provide a URL which
> helps explain things in more detail.
>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
>  security/selinux/hooks.c            |    4 +++-
>  security/selinux/include/security.h |    6 ++++++
>  security/selinux/selinuxfs.c        |    4 ++--
>  3 files changed, 11 insertions(+), 3 deletions(-)

Merged into selinux/next.

Patch

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b12e14b2797b..cff129f96e97 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -146,7 +146,7 @@  static int __init checkreqprot_setup(char *str)
 	if (!kstrtoul(str, 0, &checkreqprot)) {
 		selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
 		if (checkreqprot)
-			pr_warn("SELinux: checkreqprot set to 1 via kernel parameter.  This is deprecated and will be rejected in a future kernel release.\n");
+			pr_err("SELinux: checkreqprot set to 1 via kernel parameter.  This is deprecated and will be rejected in a future kernel release.\n");
 	}
 	return 1;
 }
@@ -7295,6 +7295,8 @@  static __init int selinux_init(void)
 
 	memset(&selinux_state, 0, sizeof(selinux_state));
 	enforcing_set(&selinux_state, selinux_enforcing_boot);
+	if (CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE)
+		pr_err("SELinux: CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is non-zero.  This is deprecated and will be rejected in a future kernel release.\n");
 	checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
 	selinux_avc_init(&selinux_state.avc);
 	mutex_init(&selinux_state.status_lock);
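Review bot: The new CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE error in selinux_init() is keyed on the build-time constant only, while checkreqprot_set() on the next line acts on selinux_checkreqprot_boot, so a kernel built with the value set to 1 but booted with the boot parameter overriding it to 0 appears to print this message without the URL and sleep that follow, and the two paths can disagree about whether checkreqprot is actually on. If flagging the build configuration regardless of the runtime override is the intent, a one-line comment above the check would save the next reader from asking, e.g. `/* warn about the Kconfig value even if the boot parameter overrides it */`. How selinux_checkreqprot_boot is derived from the Kconfig value is outside this hunk, so the overlap is inferred rather than visible.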
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index ace4bd13e808..f7e6be63adfb 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -16,6 +16,8 @@ 
 #include <linux/rcupdate.h>
 #include <linux/refcount.h>
 #include <linux/workqueue.h>
+#include <linux/delay.h>
+#include <linux/printk.h>
 #include "flask.h"
 #include "policycap.h"
 
@@ -150,6 +152,10 @@  static inline bool checkreqprot_get(const struct selinux_state *state)
 
 static inline void checkreqprot_set(struct selinux_state *state, bool value)
 {
+	if (value) {
+		pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n");
+		ssleep(5);
+	}
 	WRITE_ONCE(state->checkreqprot, value);
 }
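Review bot: checkreqprot_set() now sleeps, but it is a static inline in a shared header with no indication to future callers that it must be invoked from a context where sleeping is allowed; the two callers visible in this series (selinux_init() and sel_write_checkreqprot()) appear to be process context, but nothing documents the requirement. Adding `might_sleep();` before the `ssleep(5)` turns a misuse into a diagnostic instead of a silent bug, and a comment such as `/* deliberately slow: checkreqprot is deprecated, see the URL above */` records why a setter blocks for five seconds. The header also gains <linux/delay.h> for ssleep() alone, which pulls that dependency into every file including security.h; moving the sleeping part into a non-inline helper in a .c file would keep the header lightweight, though that is a style preference rather than a defect.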
 
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 6568bc48cd3e..6c8b6a0ddecf 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -757,8 +757,8 @@  static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
 		char comm[sizeof(current->comm)];
 
 		memcpy(comm, current->comm, sizeof(comm));
-		pr_warn_once("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
-			     comm, current->pid);
+		pr_err("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
+		       comm, current->pid);
 	}
 
 	checkreqprot_set(fsi->state, (new_value ? 1 : 0));
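Review bot: Replacing pr_warn_once() with pr_err() means every successful write of 1 through selinuxfs now emits a log line rather than the first one only, and the same change applies to the checkreqprot_setup() hunk in hooks.c. The five second ssleep() in checkreqprot_set() effectively rate-limits a single writer, but it runs after the message and only within one caller, so several processes or threads writing concurrently could still emit a burst; if log volume matters, `pr_err_ratelimited(...)` gives the same severity with a bound, and if the unbounded form is deliberate a short comment saying so would prevent a later "fix". Whether the write path is restricted to privileged callers is decided earlier in sel_write_checkreqprot(), outside this hunk, so the realistic burst size cannot be judged from here.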