
[1/2] libselinux: deprecate security_disable(3)

Message ID 20240608172025.137795-1-cgoettsche@seltendoof.de (mailing list archive)
State New
Delegated to: Petr Lautrbach

Commit Message

Christian Göttsche June 8, 2024, 5:20 p.m. UTC
From: Christian Göttsche <cgzones@googlemail.com>

The runtime disable functionality has been removed in Linux 6.4.  Thus
security_disable(3) will no longer work on these kernels.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/include/selinux/selinux.h   | 6 +++++-
 libselinux/man/man3/security_disable.3 | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

Comments

James Carter June 12, 2024, 8:43 p.m. UTC | #1
On Sat, Jun 8, 2024 at 1:20 PM Christian Göttsche
<cgoettsche@seltendoof.de> wrote:
>
> From: Christian Göttsche <cgzones@googlemail.com>
>
> The runtime disable functionality has been removed in Linux 6.4.  Thus
> security_disable(3) will no longer work on these kernels.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  libselinux/include/selinux/selinux.h   | 6 +++++-
>  libselinux/man/man3/security_disable.3 | 3 ++-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> index 61c1422b..1318a66a 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -367,7 +367,11 @@ extern int security_deny_unknown(void);
>  /* Get the checkreqprot value */
>  extern int security_get_checkreqprot(void);
>
> -/* Disable SELinux at runtime (must be done prior to initial policy load). */
> +/* Disable SELinux at runtime (must be done prior to initial policy load).
> +   Unsupported since Linux 6.4. */
> +#ifdef __GNUC__
> +__attribute__ ((deprecated))
> +#endif
>  extern int security_disable(void);
>

This causes the userspace build to fail.

load_policy.c:329:17: error: ‘security_disable’ is deprecated
[-Werror=deprecated-declarations]
  329 |                 rc = security_disable();
      |                 ^~
In file included from selinux_internal.h:4,
                 from load_policy.c:13:

Maybe we should just print a warning message for now until we can
remove the internal usage.

Thanks,
Jim

>  /* Get the policy version number. */
> diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
> index 072923ce..5ad8b778 100644
> --- a/libselinux/man/man3/security_disable.3
> +++ b/libselinux/man/man3/security_disable.3
> @@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from
>  and then unmounts
>  .IR /sys/fs/selinux .
>  .sp
> -This function can only be called at runtime and prior to the initial policy
> +This function is only supported on Linux 6.3 and earlier, and can only be
> +called at runtime and prior to the initial policy
>  load. After the initial policy load, the SELinux kernel code cannot be disabled,
>  but only placed in "permissive" mode by using
>  .BR security_setenforce(3).
> --
> 2.45.1
>
>
Christian Göttsche June 15, 2024, 1:34 p.m. UTC | #2
On Wed, 12 Jun 2024 at 22:43, James Carter <jwcart2@gmail.com> wrote:
>
> On Sat, Jun 8, 2024 at 1:20 PM Christian Göttsche
> <cgoettsche@seltendoof.de> wrote:
> >
> > From: Christian Göttsche <cgzones@googlemail.com>
> >
> > The runtime disable functionality has been removed in Linux 6.4.  Thus
> > security_disable(3) will no longer work on these kernels.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > ---
> >  libselinux/include/selinux/selinux.h   | 6 +++++-
> >  libselinux/man/man3/security_disable.3 | 3 ++-
> >  2 files changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> > index 61c1422b..1318a66a 100644
> > --- a/libselinux/include/selinux/selinux.h
> > +++ b/libselinux/include/selinux/selinux.h
> > @@ -367,7 +367,11 @@ extern int security_deny_unknown(void);
> >  /* Get the checkreqprot value */
> >  extern int security_get_checkreqprot(void);
> >
> > -/* Disable SELinux at runtime (must be done prior to initial policy load). */
> > +/* Disable SELinux at runtime (must be done prior to initial policy load).
> > +   Unsupported since Linux 6.4. */
> > +#ifdef __GNUC__
> > +__attribute__ ((deprecated))
> > +#endif
> >  extern int security_disable(void);
> >
>
> This causes the userspace build to fail.
>
> load_policy.c:329:17: error: ‘security_disable’ is deprecated
> [-Werror=deprecated-declarations]
>   329 |                 rc = security_disable();
>       |                 ^~
> In file included from selinux_internal.h:4,
>                  from load_policy.c:13:
>
> Maybe we should just print a warning message for now until we can
> remove the internal usage.

Sorry for obviously not build-testing this.
Printing a warning might be redundant since the kernel already does so.
Besides adding the two notes (which I guess are o.k.?) we could either
not annotate security_disable(3) or explicitly ignore the warning in
load_policy.c (via a pragma).
Do you have a preference?

>
> Thanks,
> Jim
>
> >  /* Get the policy version number. */
> > diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
> > index 072923ce..5ad8b778 100644
> > --- a/libselinux/man/man3/security_disable.3
> > +++ b/libselinux/man/man3/security_disable.3
> > @@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from
> >  and then unmounts
> >  .IR /sys/fs/selinux .
> >  .sp
> > -This function can only be called at runtime and prior to the initial policy
> > +This function is only supported on Linux 6.3 and earlier, and can only be
> > +called at runtime and prior to the initial policy
> >  load. After the initial policy load, the SELinux kernel code cannot be disabled,
> >  but only placed in "permissive" mode by using
> >  .BR security_setenforce(3).
> > --
> > 2.45.1
> >
> >
James Carter June 17, 2024, 11:56 a.m. UTC | #3
On Sat, Jun 15, 2024 at 9:34 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> On Wed, 12 Jun 2024 at 22:43, James Carter <jwcart2@gmail.com> wrote:
> >
> > On Sat, Jun 8, 2024 at 1:20 PM Christian Göttsche
> > <cgoettsche@seltendoof.de> wrote:
> > >
> > > From: Christian Göttsche <cgzones@googlemail.com>
> > >
> > > The runtime disable functionality has been removed in Linux 6.4.  Thus
> > > security_disable(3) will no longer work on these kernels.
> > >
> > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > > ---
> > >  libselinux/include/selinux/selinux.h   | 6 +++++-
> > >  libselinux/man/man3/security_disable.3 | 3 ++-
> > >  2 files changed, 7 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> > > index 61c1422b..1318a66a 100644
> > > --- a/libselinux/include/selinux/selinux.h
> > > +++ b/libselinux/include/selinux/selinux.h
> > > @@ -367,7 +367,11 @@ extern int security_deny_unknown(void);
> > >  /* Get the checkreqprot value */
> > >  extern int security_get_checkreqprot(void);
> > >
> > > -/* Disable SELinux at runtime (must be done prior to initial policy load). */
> > > +/* Disable SELinux at runtime (must be done prior to initial policy load).
> > > +   Unsupported since Linux 6.4. */
> > > +#ifdef __GNUC__
> > > +__attribute__ ((deprecated))
> > > +#endif
> > >  extern int security_disable(void);
> > >
> >
> > This causes the userspace build to fail.
> >
> > load_policy.c:329:17: error: ‘security_disable’ is deprecated
> > [-Werror=deprecated-declarations]
> >   329 |                 rc = security_disable();
> >       |                 ^~
> > In file included from selinux_internal.h:4,
> >                  from load_policy.c:13:
> >
> > Maybe we should just print a warning message for now until we can
> > remove the internal usage.
>
> Sorry for obviously not build-testing this.
> Printing a warning might be redundant since the kernel already does so.
> Besides adding the two notes (which I guess are o.k.?) we could either
> not annotate security_disable(3) or explicitly ignore the warning in
> load_policy.c (via a pragma).
> Do you have a preference?
>

Using the pragma to ignore the internal usage would be my preference.
Thanks,
Jim

> >
> > Thanks,
> > Jim
> >
> > >  /* Get the policy version number. */
> > > diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
> > > index 072923ce..5ad8b778 100644
> > > --- a/libselinux/man/man3/security_disable.3
> > > +++ b/libselinux/man/man3/security_disable.3
> > > @@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from
> > >  and then unmounts
> > >  .IR /sys/fs/selinux .
> > >  .sp
> > > -This function can only be called at runtime and prior to the initial policy
> > > +This function is only supported on Linux 6.3 and earlier, and can only be
> > > +called at runtime and prior to the initial policy
> > >  load. After the initial policy load, the SELinux kernel code cannot be disabled,
> > >  but only placed in "permissive" mode by using
> > >  .BR security_setenforce(3).
> > > --
> > > 2.45.1
> > >
> > >
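The pattern the thread settles on (keep the `deprecated` attribute on the public declaration and silence the one internal caller with a diagnostic pragma), as an added example that is not libselinux code: a hypothetical `legacy_runtime_disable()` stands in for security_disable(3), the `kernel_release_at_least()` parser and the uname-based version gate in `try_runtime_disable()` are assumptions of this example and not something the patch adds, and the message form of the attribute is an option the patch does not use.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

/*
 * Hypothetical stand-in for security_disable(3).  The real function lives in
 * libselinux and talks to selinuxfs; this one only reports success so the
 * example runs anywhere.  The message form of the attribute (GCC 4.5+ and
 * clang) puts the reason into the compiler diagnostic for third-party callers.
 */
__attribute__((deprecated("runtime disable was removed in Linux 6.4")))
static int legacy_runtime_disable(void)
{
    return 0;
}

/*
 * Parse a release string in the uname -r format ("6.4.0-1-amd64") and compare
 * its major.minor against maj.min.
 * Returns 1 if release >= maj.min, 0 if it is older, -1 if unparsable.
 */
int kernel_release_at_least(const char *release, long maj, long min)
{
    char *end;
    long r_maj, r_min;

    r_maj = strtol(release, &end, 10);
    if (end == release || r_maj < 0 || *end != '.')
        return -1;
    release = end + 1;
    r_min = strtol(release, &end, 10);
    if (end == release || r_min < 0)
        return -1;

    if (r_maj != maj)
        return r_maj > maj ? 1 : 0;
    return r_min >= min ? 1 : 0;
}

/*
 * The one internal caller that still has to reference the deprecated symbol.
 * The version gate is an assumption of this example: on a 6.4+ or unparsable
 * release the call is skipped and ENOSYS returned instead of relying on the
 * kernel to reject it.  The push/ignored/pop pragmas keep a
 * -Werror=deprecated-declarations build green at this one call site while
 * every other caller of the deprecated symbol still gets the warning.
 */
int try_runtime_disable(const char *release)
{
    int rc;

    if (kernel_release_at_least(release, 6, 4) != 0) {
        errno = ENOSYS;
        return -1;
    }

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    rc = legacy_runtime_disable();
#pragma GCC diagnostic pop
    return rc;
}

int main(void)
{
    struct utsname u;

    if (uname(&u) != 0) {
        perror("uname");
        return 1;
    }
    if (try_runtime_disable(u.release) == 0)
        printf("%s: runtime disable attempted (pre-6.4 kernel)\n", u.release);
    else
        printf("%s: runtime disable not available (%s)\n",
               u.release, strerror(errno));
    return 0;
}
```

Build it with `cc -Wall -Werror=deprecated-declarations example.c` to confirm that the pragma-wrapped call compiles while a bare call to `legacy_runtime_disable()` anywhere else in the file fails the build, which is exactly the situation Jim's load_policy.c error shows.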

Patch

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 61c1422b..1318a66a 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -367,7 +367,11 @@  extern int security_deny_unknown(void);
 /* Get the checkreqprot value */
 extern int security_get_checkreqprot(void);
 
-/* Disable SELinux at runtime (must be done prior to initial policy load). */
+/* Disable SELinux at runtime (must be done prior to initial policy load).
+   Unsupported since Linux 6.4. */
+#ifdef __GNUC__
+__attribute__ ((deprecated))
+#endif
 extern int security_disable(void);
 
 /* Get the policy version number. */
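Review bot: the unconditional `__attribute__ ((deprecated))` on security_disable() breaks the project's own build, because load_policy.c still calls the function and libselinux compiles with -Werror=deprecated-declarations (see the error output in Jim's reply). Land the fix for that call site in the same commit so the tree never fails to build: wrap it in `#pragma GCC diagnostic push`, `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` and `#pragma GCC diagnostic pop`, which is the option Jim prefers. While here, the message form `__attribute__ ((deprecated("runtime disable removed in Linux 6.4")))` carries the reason into the diagnostic for external callers, and the `#ifdef __GNUC__` guard already covers clang, which defines that macro. The new comment should also say what the function does on a 6.4+ kernel (error return) so callers reading the header know what to expect.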
diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
index 072923ce..5ad8b778 100644
--- a/libselinux/man/man3/security_disable.3
+++ b/libselinux/man/man3/security_disable.3
@@ -14,7 +14,8 @@  disables the SELinux kernel code, unregisters selinuxfs from
 and then unmounts
 .IR /sys/fs/selinux .
 .sp
-This function can only be called at runtime and prior to the initial policy
+This function is only supported on Linux 6.3 and earlier, and can only be
+called at runtime and prior to the initial policy
 load. After the initial policy load, the SELinux kernel code cannot be disabled,
 but only placed in "permissive" mode by using
 .BR security_setenforce(3).
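Review bot: the man page now says the function is only supported on Linux 6.3 and earlier, but nothing tells callers what a call does on a newer kernel; the RETURN VALUE and ERRORS text (outside this hunk) should state that the call fails there and which errno to expect, so a caller can tell "already past the initial policy load" apart from "kernel has no runtime disable". The page should also record that libselinux now marks the function as deprecated (the header hunk adds the attribute), for instance in a NOTES paragraph, so that the header and the man page agree.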