From: Paul Moore <paul@paul-moore.com>
To: Stephen Smalley <stephen.smalley.work@gmail.com>,
selinux@vger.kernel.org
Cc: omosnace@redhat.com, Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: Re: [PATCH v2 1/3] selinux: prune /sys/fs/selinux/checkreqprot
Date: Mon, 04 May 2026 22:35:53 -0400 [thread overview]
Message-ID: <7fdab4e591c35b481996ffd3761d5428@paul-moore.com> (raw)
In-Reply-To: <20260429211229.3750-2-stephen.smalley.work@gmail.com>
On Apr 29, 2026 Stephen Smalley <stephen.smalley.work@gmail.com> wrote:
>
> commit a7e4676e8e2cb ("selinux: remove the 'checkreqprot'
> functionality") removed the ability to modify the checkreqprot setting
> but left everything except the updating of the checkreqprot value
> intact. Aside from unnecessary processing, this could produce a local
> DoS from log spam and incorrectly calls selinux_ima_measure_state() on
> each write even though no state has changed. Prune it to just return
> count (i.e. all bytes written successfully) so that userspace never
> breaks.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> security/selinux/selinuxfs.c | 45 ++++--------------------------------
> 1 file changed, 5 insertions(+), 40 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 8c107af5140e..71ffa64b15a6 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -689,46 +689,11 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
> static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
> size_t count, loff_t *ppos)
> {
> - char *page;
> - ssize_t length;
> - unsigned int new_value;
> -
> - length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
> - SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
> - NULL);
> - if (length)
> - return length;
> -
> - if (count >= PAGE_SIZE)
> - return -ENOMEM;
> -
> - /* No partial writes. */
> - if (*ppos != 0)
> - return -EINVAL;
> -
> - page = memdup_user_nul(buf, count);
> - if (IS_ERR(page))
> - return PTR_ERR(page);
> -
> - if (sscanf(page, "%u", &new_value) != 1) {
> - length = -EINVAL;
> - goto out;
> - }
> - length = count;
> -
> - if (new_value) {
> - char comm[sizeof(current->comm)];
> -
> - strscpy(comm, current->comm);
> - pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
> - comm, current->pid);
> - }
I agree with Ondrej's comment that the log spam problem could be resolved
with pr_err_once() while still preserving the notification. Since it will
only be reported once, you can probably skip the read/parsing/etc. and
just report that checkreqprot is no longer supported:
static ssize_t swl_write_checkreqprot(...)
{
/*
* Setting ... <deprecation url>
*/
pr_err_once(...);
return count;
}
> - selinux_ima_measure_state();
> -
> -out:
> - kfree(page);
> - return length;
> + /*
> + * Setting checkreqprot is no longer supported, see
> + * https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot
> + */
> + return count;
> }
> static const struct file_operations sel_checkreqprot_ops = {
> .read = sel_read_checkreqprot,
> --
> 2.54.0
--
paul-moore.com
next prev parent reply other threads:[~2026-05-05 2:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 21:12 [PATCH v2 0/3] selinux: prune deprecated interfaces Stephen Smalley
2026-04-29 21:12 ` [PATCH v2 1/3] selinux: prune /sys/fs/selinux/checkreqprot Stephen Smalley
2026-04-30 6:08 ` Ondrej Mosnacek
2026-05-05 2:35 ` Paul Moore [this message]
2026-04-29 21:12 ` [PATCH v2 2/3] selinux: prune /sys/fs/selinux/disable Stephen Smalley
2026-05-05 2:35 ` Paul Moore
2026-04-29 21:12 ` [PATCH v2 3/3] selinux: prune /sys/fs/selinux/user Stephen Smalley
2026-05-05 2:35 ` Paul Moore
2026-04-29 21:30 ` [PATCH v2 0/3] selinux: prune deprecated interfaces Paul Moore
2026-04-30 12:01 ` Stephen Smalley
2026-05-01 12:14 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7fdab4e591c35b481996ffd3761d5428@paul-moore.com \
--to=paul@paul-moore.com \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox