selinux: provide a "no sooner than" date for the checkreqprot removal

We marked /sys/fs/selinux/checkreqprot as deprecated in Linux v5.7,
but didn't provide any guidance as to the timeframe.  Considering
the state of checkreqprot, it seems like one year should be enough
time.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2020-09-27 22:37:01 -04:00
parent 8861d0af64
commit 0d50f059c4

View File

@ -15,7 +15,7 @@ Description:
actual protection), and Android and Linux distributions have been
explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
initialization for some time. Support for setting checkreqprot to 1
will be removed in a future kernel release, at which point the kernel
will be removed no sooner than June 2021, at which point the kernel
will always cease using checkreqprot internally and will always
check the actual protections being applied upon mmap/mprotect calls.
The checkreqprot selinuxfs node will remain for backward compatibility