diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2026-05-05 08:49:50 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2026-05-05 15:27:44 -0400 |
| commit | ad1ac3d740cc6b858a99ab9c45c8c0574be7d1d3 (patch) | |
| tree | b78a4b1d56ed40976b7ad7b68bc08f03d54c2c2a /scripts/dummy-tools/python3 | |
| parent | 19cfa0099024bb9cd40f6d950caa7f47ff8e77f6 (diff) | |
selinux: prune /sys/fs/selinux/user
Remove the previously deprecated /sys/fs/selinux/user interface aside
from a residual stub for userspace compatibility.
Commit d7b6918e22c7 ("selinux: Deprecate /sys/fs/selinux/user") started
the deprecation process for /sys/fs/selinux/user:
The selinuxfs "user" node allows userspace to request a list
of security contexts that can be reached for a given SELinux
user from a given starting context. This was used by libselinux
when various login-style programs requested contexts for
users, but libselinux stopped using it in 2020.
Kernel support will be removed no sooner than Dec 2025.
A pr_warn() message has been in place since Linux v6.13, and a 5
second sleep was introduced since Linux v6.17 to help make it more
noticeable.
We are now past the stated deadline of Dec 2025, so remove the
underlying functionality and replace it with a stub that returns a
'0\0' buffer to avoid breaking userspace. This also avoids a local DoS
from logspam and an uninterruptible sleep delay.
Cc: stable@vger.kernel.org
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'scripts/dummy-tools/python3')
0 files changed, 0 insertions, 0 deletions