From: Richard Haines <richard_c_haines@btinternet.com>
To: selinux@vger.kernel.org
Cc: paul@paul-moore.com, Richard Haines <richard_c_haines@btinternet.com>
Subject: [PATCH Notebook] checkreqprot is being deprecated
Date: Mon, 4 Apr 2022 10:31:15 +0100 [thread overview]
Message-ID: <20220404093115.6451-1-richard_c_haines@btinternet.com> (raw)
This will be deprecated at some stage, with the default set to 0.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
src/lsm_selinux.md | 8 +++++---
src/object_classes_permissions.md | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/lsm_selinux.md b/src/lsm_selinux.md
index 560d89f..cb8189b 100644
--- a/src/lsm_selinux.md
+++ b/src/lsm_selinux.md
@@ -515,11 +515,13 @@ or *libsepol* library.
*checkreqprot*
-- *0* = Check requested protection applied by kernel.
- *1* = Check protection requested by application. This is the default.
+- *0* = Check protection applied by kernel (default since kernel v4.4).
+ *1* = Check protection requested by application.
These apply to the *mmap* and *mprotect* kernel calls. Default value can
be changed at boot time via the *checkreqprot=* parameter.
- Requires *security { setcheckreqprot }* permission.
+ Requires *security { setcheckreqprot }* permission. Note *checkreqprot* will
+ be deprecated at some stage, with the default set to 0. See
+ <https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot>
*commit_pending_bools*
diff --git a/src/object_classes_permissions.md b/src/object_classes_permissions.md
index 4ad8520..05a2a80 100644
--- a/src/object_classes_permissions.md
+++ b/src/object_classes_permissions.md
@@ -1956,7 +1956,7 @@ object (for the SELinux security server).
- Change a boolean value within the active policy.
-*setcheckreqprot*
+*setcheckreqprot* (deprecated)
- Set if SELinux will check original protection mode or modified protection
mode (read-implies-exec) for *mmap* / *mprotect*.
--
2.35.1
next reply other threads:[~2022-04-04 9:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-04 9:31 Richard Haines [this message]
2022-04-04 21:37 ` [PATCH Notebook] checkreqprot is being deprecated Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220404093115.6451-1-richard_c_haines@btinternet.com \
--to=richard_c_haines@btinternet.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.