~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/ABI/removed/sysfs-selinux-checkreqprot

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/ABI/removed/sysfs-selinux-checkreqprot (Version linux-6.12-rc7) and /Documentation/ABI/removed/sysfs-selinux-checkreqprot (Version linux-6.4.16)

  1 What:           /sys/fs/selinux/checkreqprot        1 What:           /sys/fs/selinux/checkreqprot
  2 Date:           April 2005 (predates git)           2 Date:           April 2005 (predates git)
  3 KernelVersion:  2.6.12-rc2 (predates git)           3 KernelVersion:  2.6.12-rc2 (predates git)
  4 Contact:        selinux@vger.kernel.org             4 Contact:        selinux@vger.kernel.org
  5 Description:                                        5 Description:
  6                                                     6 
  7         REMOVAL UPDATE: The SELinux checkreqpr      7         REMOVAL UPDATE: The SELinux checkreqprot functionality was removed in
  8         March 2023, the original deprecation n      8         March 2023, the original deprecation notice is shown below.
  9                                                     9 
 10         The selinuxfs "checkreqprot" node allo     10         The selinuxfs "checkreqprot" node allows SELinux to be configured
 11         to check the protection requested by u     11         to check the protection requested by userspace for mmap/mprotect
 12         calls instead of the actual protection     12         calls instead of the actual protection applied by the kernel.
 13         This was a compatibility mechanism for     13         This was a compatibility mechanism for legacy userspace and
 14         for the READ_IMPLIES_EXEC personality      14         for the READ_IMPLIES_EXEC personality flag.  However, if set to
 15         1, it weakens security by allowing map     15         1, it weakens security by allowing mappings to be made executable
 16         without authorization by policy.  The      16         without authorization by policy.  The default value of checkreqprot
 17         at boot was changed starting in Linux      17         at boot was changed starting in Linux v4.4 to 0 (i.e. check the
 18         actual protection), and Android and Li     18         actual protection), and Android and Linux distributions have been
 19         explicitly writing a "0" to /sys/fs/se     19         explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
 20         initialization for some time.  Support     20         initialization for some time.  Support for setting checkreqprot to 1
 21         will be removed no sooner than June 20     21         will be removed no sooner than June 2021, at which point the kernel
 22         will always cease using checkreqprot i     22         will always cease using checkreqprot internally and will always
 23         check the actual protections being app     23         check the actual protections being applied upon mmap/mprotect calls.
 24         The checkreqprot selinuxfs node will r     24         The checkreqprot selinuxfs node will remain for backward compatibility
 25         but will discard writes of the "0" val     25         but will discard writes of the "0" value and will reject writes of the
 26         "1" value when this mechanism is remov     26         "1" value when this mechanism is removed.
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php