linux/security/selinux
Paul Moore a7e4676e8e selinux: remove the 'checkreqprot' functionality
We originally promised that the SELinux 'checkreqprot' functionality
would be removed no sooner than June 2021, and now that it is March
2023 it seems like it is a good time to do the final removal.  The
deprecation notice in the kernel provides plenty of detail on why
'checkreqprot' is not desirable, with the key point repeated below:

  This was a compatibility mechanism for legacy userspace and
  for the READ_IMPLIES_EXEC personality flag.  However, if set to
  1, it weakens security by allowing mappings to be made executable
  without authorization by policy.  The default value of checkreqprot
  at boot was changed starting in Linux v4.4 to 0 (i.e. check the
  actual protection), and Android and Linux distributions have been
  explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
  initialization for some time.

Along with the official deprecation notice, we have been discussing
this on-list and directly with several of the larger SELinux-based
distros and everyone is happy to see this feature finally removed.
In an attempt to catch all of the smaller, and DIY, Linux systems
we have been writing a deprecation notice URL into the kernel log,
along with a growing ssleep() penalty, when admins enabled
checkreqprot at runtime or via the kernel command line.  We have
yet to have anyone come to us and raise an objection to the
deprecation or planned removal.

It is worth noting that while this patch removes the checkreqprot
functionality, it leaves the user visible interfaces (kernel command
line and selinuxfs file) intact, just inert.  This should help
prevent breakages with existing userspace tools that correctly, but
unnecessarily, disable checkreqprot at boot or runtime.  Admins
that attempt to enable checkreqprot will be met with a removal
message in the kernel log.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2023-03-20 12:33:50 -04:00
..
include selinux: remove the 'checkreqprot' functionality 2023-03-20 12:33:50 -04:00
ss selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
avc.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
hooks.c selinux: remove the 'checkreqprot' functionality 2023-03-20 12:33:50 -04:00
ibpkey.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
ima.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
Kconfig selinux: remove the 'checkreqprot' functionality 2023-03-20 12:33:50 -04:00
Makefile selinux: include a consumer of the new IMA critical data hook 2021-01-14 23:41:46 -05:00
netif.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
netlabel.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
netlink.c selinux: mark some global variables __ro_after_init 2021-01-12 10:08:55 -05:00
netnode.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
netport.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
nlmsgtab.c selinux: resolve checkpatch errors 2022-05-03 13:59:15 -04:00
selinuxfs.c selinux: remove the 'checkreqprot' functionality 2023-03-20 12:33:50 -04:00
status.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
xfrm.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00