• Paul Moore's avatar
    selinux: remove the 'checkreqprot' functionality · a7e4676e
    Paul Moore authored
    We originally promised that the SELinux 'checkreqprot' functionality
    would be removed no sooner than June 2021, and now that it is March
    2023 it seems like it is a good time to do the final removal.  The
    deprecation notice in the kernel provides plenty of detail on why
    'checkreqprot' is not desirable, with the key point repeated below:
    
      This was a compatibility mechanism for legacy userspace and
      for the READ_IMPLIES_EXEC personality flag.  However, if set to
      1, it weakens security by allowing mappings to be made executable
      without authorization by policy.  The default value of checkreqprot
      at boot was changed starting in Linux v4.4 to 0 (i.e. check the
      actual protection), and Android and Linux distributions have been
      explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
      initialization for some time.
    
    Along with the official deprecation notice, we have been discussing
    this on-list and directly with several of the larger SELinux-based
    distros and everyone is happy to see this feature finally removed.
    In an attempt to catch all of the smaller, and DIY, Linux systems
    we have been writing a deprecation notice URL into the kernel log,
    along with a growing ssleep() penalty, when admins enabled
    checkreqprot at runtime or via the kernel command line.  We have
    yet to have anyone come to us and raise an objection to the
    deprecation or planned removal.
    
    It is worth noting that while this patch removes the checkreqprot
    functionality, it leaves the user visible interfaces (kernel command
    line and selinuxfs file) intact, just inert.  This should help
    prevent breakages with existing userspace tools that correctly, but
    unnecessarily, disable checkreqprot at boot or runtime.  Admins
    that attempt to enable checkreqprot will be met with a removal
    message in the kernel log.
    Acked-by: default avatarStephen Smalley <stephen.smalley.work@gmail.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    a7e4676e
Kconfig 3.48 KB