On Fri, Jan 10, 2020 at 3:15 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Wed, Jan 8, 2020 at 11:24 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > Deprecate setting the SELinux checkreqprot tunable to 1 via kernel
> > parameter or /sys/fs/selinux/checkreqprot. Setting it to 0 is left
> > intact for compatibility since Android and some Linux distributions
> > do so for security and treat an inability to set it as a fatal error.
> > Eventually setting it to 0 will become a no-op and the kernel will
> > stop using checkreqprot's value internally altogether.
> >
> > checkreqprot was originally introduced as a compatibility mechanism
> > for legacy userspace and the READ_IMPLIES_EXEC personality flag.
> > However, if set to 1, it weakens security by allowing mappings to be
> > made executable without authorization by policy. The default value
> > for the SECURITY_SELINUX_CHECKREQPROT_VALUE config option was changed
> > from 1 to 0 in commit 2a35d196c160e3 ("selinux: change
> > CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and both Android
> > and Linux distributions began explicitly setting
> > /sys/fs/selinux/checkreqprot to 0 some time ago.
> >
> > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> > ---
> > .../ABI/obsolete/sysfs-selinux-checkreqprot | 23 +++++++++++++++++++
> > .../admin-guide/kernel-parameters.txt | 1 +
> > MAINTAINERS | 1 +
> > security/selinux/Kconfig | 3 +++
> > security/selinux/hooks.c | 5 +++-
> > security/selinux/selinuxfs.c | 8 +++++++
> > 6 files changed, 40 insertions(+), 1 deletion(-)
> > create mode 100644 Documentation/ABI/obsolete/sysfs-selinux-checkreqprot
>
> I think this looks fine, but considering this week was the first time
> we really discussed this, let's hold off until after the next merge
> window so we get a full cycle in linux-next for folks to complain :)
I've queued this up in selinux/next, you'll see it in the tree once
the merge window closes.
--
paul moore
www.paul-moore.com
