All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH Notebook] checkreqprot is being deprecated
@ 2022-04-04  9:31 Richard Haines
  2022-04-04 21:37 ` Paul Moore
  0 siblings, 1 reply; 2+ messages in thread
From: Richard Haines @ 2022-04-04  9:31 UTC (permalink / raw)
  To: selinux; +Cc: paul, Richard Haines

This will be deprecated at some stage, with the default set to 0.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/lsm_selinux.md                | 8 +++++---
 src/object_classes_permissions.md | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/lsm_selinux.md b/src/lsm_selinux.md
index 560d89f..cb8189b 100644
--- a/src/lsm_selinux.md
+++ b/src/lsm_selinux.md
@@ -515,11 +515,13 @@ or *libsepol* library.
 
 *checkreqprot*
 
-- *0* = Check requested protection applied by kernel.
-  *1* = Check protection requested by application. This is the default.
+- *0* = Check protection applied by kernel (default since kernel v4.4).
+  *1* = Check protection requested by application.
   These apply to the *mmap* and *mprotect* kernel calls. Default value can
   be changed at boot time via the *checkreqprot=* parameter.
-  Requires *security { setcheckreqprot }* permission.
+  Requires *security { setcheckreqprot }* permission. Note *checkreqprot* will
+  be deprecated at some stage, with the default set to 0. See
+  <https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot>
 
 *commit_pending_bools*
 
diff --git a/src/object_classes_permissions.md b/src/object_classes_permissions.md
index 4ad8520..05a2a80 100644
--- a/src/object_classes_permissions.md
+++ b/src/object_classes_permissions.md
@@ -1956,7 +1956,7 @@ object (for the SELinux security server).
 
 - Change a boolean value within the active policy.
 
-*setcheckreqprot*
+*setcheckreqprot* (deprecated)
 
 - Set if SELinux will check original protection mode or modified protection
   mode (read-implies-exec) for *mmap* / *mprotect*.
-- 
2.35.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH Notebook] checkreqprot is being deprecated
  2022-04-04  9:31 [PATCH Notebook] checkreqprot is being deprecated Richard Haines
@ 2022-04-04 21:37 ` Paul Moore
  0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2022-04-04 21:37 UTC (permalink / raw)
  To: Richard Haines; +Cc: selinux

On Mon, Apr 4, 2022 at 5:31 AM Richard Haines
<richard_c_haines@btinternet.com> wrote:
>
> This will be deprecated at some stage, with the default set to 0.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
>  src/lsm_selinux.md                | 8 +++++---
>  src/object_classes_permissions.md | 2 +-
>  2 files changed, 6 insertions(+), 4 deletions(-)

Merged, thanks!

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-04 21:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-04  9:31 [PATCH Notebook] checkreqprot is being deprecated Richard Haines
2022-04-04 21:37 ` Paul Moore

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.