On Wed, Sep 23, 2020 at 2:33 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Thu, Sep 10, 2020 at 8:34 AM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > > Speaking of this, I noticed that Documentation/ABI/README says that > > files under obsolete should say when to expect the interface to be > > removed, and at least a couple of them do, e.g. > > sysfs-class-net-batman-adv:This ABI is deprecated and will be removed > > after 2021. > > > > Should we add similar lines to the two sysfs-selinux-* files, and if > > so, what target date should we propose for each? > > Sorry, I overlooked the updates to this thread in my inbox until I saw > the LWN article today and revisited this thread. > > The lack of a specific date in the disable sysctl was a deliberate > omission on my part as when the commit was made it wasn't clear when > Fedora would be ready to make the transition. As we documented in the > the sysfs-selinux-disable obsolescence notice: > > "Fedora is in the process of removing the selinuxfs "disable" > node and once that is complete we will start the slow process > of removing this code from the kernel." > > As far as the checkreqprot notice is concerned, it probably would be a > good idea to outline a process for its eventual removal. It isn't > quite the same as the runtime disable issue since the distro work > should all be done at this point, it's just a matter of finally > blocking any "1" writes. The deprecation made its first appearance in > v5.7, which was released in June 2020, and a year seems like a > reasonable amount of time for this so perhaps we target summer 2021? Sounds good to me.
