Re: [PATCH] selinux: clean up dead code after removing runtime disable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 23, 2023 at 3:55 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Thu, Mar 23, 2023 at 1:12 AM Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> wrote:
> >
> > Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality")
> > removes the config SECURITY_SELINUX_DISABLE. This results in some dead code
> > in lsm_hooks.h and a reference in the ABI documentation leading nowhere as
> > the help text is simply gone.
> >
> > Remove the dead code and dead reference.
> >
> > Signed-off-by: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx>
> > ---
> > Paul, please pick this minor cleanup patch on top of your commit above.
>
> Hi Lukas, thanks for catching this and sending a patch!  For future
> reference, you don't need to add a note asking me to pick up this
> patch, as long as you send it to the right mailing list - you did -
> I'll see it and you'll either get a quick reply when I merge it or a
> longer reply with comments/feedback.
>
> One comment below ...
>
> > diff --git a/Documentation/ABI/removed/sysfs-selinux-disable b/Documentation/ABI/removed/sysfs-selinux-disable
> > index cb783c64cab3..1ae9587231e1 100644
> > --- a/Documentation/ABI/removed/sysfs-selinux-disable
> > +++ b/Documentation/ABI/removed/sysfs-selinux-disable
> > @@ -24,6 +24,3 @@ Description:
> >         SELinux at runtime.  Fedora is in the process of removing the
> >         selinuxfs "disable" node and once that is complete we will start the
> >         slow process of removing this code from the kernel.
> > -
> > -       More information on /sys/fs/selinux/disable can be found under the
> > -       CONFIG_SECURITY_SELINUX_DISABLE Kconfig option.
>
> When I moved the deprecation notice from the "obsolete" to the
> "removed" directory I added a note at the top which read:
>
>   "REMOVAL UPDATE: The SELinux checkreqprot functionality was
>    removed in March 2023, the original deprecation notice is
>    shown below."
>
> My goal was to preserve the original notice as much as possible,
> including the references to the now defunct Kconfig option, to help
> people who are trying to understand how things worked prior to the
> removal.
>
> If you can remove this part of your patch and resubmit I'll happily
> merge it into the selinux/next tree.
>

Okay, I reworked the patch as requested and sent out a PATCH v2:

https://lore.kernel.org/all/20230324092114.13907-1-lukas.bulwahn@xxxxxxxxx/T/#u

Thanks,

Lukas
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux