[Notebook] checkreqprot is being deprecated

Message ID	20220404093115.6451-1-richard_c_haines@btinternet.com (mailing list archive)
State	Accepted
Delegated to:	Paul Moore
Headers	show Return-Path: <selinux-owner@kernel.org> From: Richard Haines <richard_c_haines@btinternet.com> To: selinux@vger.kernel.org Cc: paul@paul-moore.com, Richard Haines <richard_c_haines@btinternet.com> Subject: [PATCH Notebook] checkreqprot is being deprecated Date: Mon, 4 Apr 2022 10:31:15 +0100 Message-Id: <20220404093115.6451-1-richard_c_haines@btinternet.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[Notebook] checkreqprot is being deprecated \| expand [Notebook] checkreqprot is being deprecated

Message ID

20220404093115.6451-1-richard_c_haines@btinternet.com (mailing list archive)

State

Accepted

Delegated to:

Paul Moore

Headers

From: Richard Haines <richard_c_haines@btinternet.com>
To: selinux@vger.kernel.org
Cc: paul@paul-moore.com,
        Richard Haines <richard_c_haines@btinternet.com>
Subject: [PATCH Notebook] checkreqprot is being deprecated
Date: Mon,  4 Apr 2022 10:31:15 +0100
Message-Id: <20220404093115.6451-1-richard_c_haines@btinternet.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[Notebook] checkreqprot is being deprecated | expand

Commit Message

Richard Haines April 4, 2022, 9:31 a.m. UTC

This will be deprecated at some stage, with the default set to 0.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/lsm_selinux.md                | 8 +++++---
 src/object_classes_permissions.md | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

Comments

Paul Moore April 4, 2022, 9:37 p.m. UTC | #1

On Mon, Apr 4, 2022 at 5:31 AM Richard Haines
<richard_c_haines@btinternet.com> wrote:
>
> This will be deprecated at some stage, with the default set to 0.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
>  src/lsm_selinux.md                | 8 +++++---
>  src/object_classes_permissions.md | 2 +-
>  2 files changed, 6 insertions(+), 4 deletions(-)

Merged, thanks!

diff --git a/src/lsm_selinux.md b/src/lsm_selinux.md
index 560d89f..cb8189b 100644
--- a/src/lsm_selinux.md
+++ b/src/lsm_selinux.md
@@ -515,11 +515,13 @@  or *libsepol* library.
 
 *checkreqprot*
 
-- *0* = Check requested protection applied by kernel.
-  *1* = Check protection requested by application. This is the default.
+- *0* = Check protection applied by kernel (default since kernel v4.4).
+  *1* = Check protection requested by application.
   These apply to the *mmap* and *mprotect* kernel calls. Default value can
   be changed at boot time via the *checkreqprot=* parameter.
-  Requires *security { setcheckreqprot }* permission.
+  Requires *security { setcheckreqprot }* permission. Note *checkreqprot* will
+  be deprecated at some stage, with the default set to 0. See
+  <https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot>
 
 *commit_pending_bools*
 
diff --git a/src/object_classes_permissions.md b/src/object_classes_permissions.md
index 4ad8520..05a2a80 100644
--- a/src/object_classes_permissions.md
+++ b/src/object_classes_permissions.md
@@ -1956,7 +1956,7 @@  object (for the SELinux security server).
 
 - Change a boolean value within the active policy.
 
-*setcheckreqprot*
+*setcheckreqprot* (deprecated)
 
 - Set if SELinux will check original protection mode or modified protection
   mode (read-implies-exec) for *mmap* / *mprotect*.

[Notebook] checkreqprot is being deprecated

Commit Message

Comments

Patch