linux/security/selinux/ss
Stephen Smalley ad1ac3d740 selinux: prune /sys/fs/selinux/user
Remove the previously deprecated /sys/fs/selinux/user interface aside
from a residual stub for userspace compatibility.

Commit d7b6918e22 ("selinux: Deprecate /sys/fs/selinux/user") started
the deprecation process for /sys/fs/selinux/user:

    The selinuxfs "user" node allows userspace to request a list
    of security contexts that can be reached for a given SELinux
    user from a given starting context. This was used by libselinux
    when various login-style programs requested contexts for
    users, but libselinux stopped using it in 2020.
    Kernel support will be removed no sooner than Dec 2025.

A pr_warn() message has been in place since Linux v6.13, and a 5
second sleep was introduced since Linux v6.17 to help make it more
noticeable.

We are now past the stated deadline of Dec 2025, so remove the
underlying functionality and replace it with a stub that returns a
'0\0' buffer to avoid breaking userspace. This also avoids a local DoS
from logspam and an uninterruptible sleep delay.

Cc: stable@vger.kernel.org
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2026-05-05 15:27:44 -04:00
avtab.c selinux: improve bucket distribution uniformity of avc_hash() 2025-10-23 18:24:30 -04:00
avtab.h selinux: use known type instead of void pointer 2025-01-07 23:14:39 -05:00
conditional.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
conditional.h selinux: use known type instead of void pointer 2025-01-07 23:14:39 -05:00
constraint.h selinux: fix style issues in security/selinux/ss/constraint.h 2024-02-23 17:26:02 -05:00
context.c selinux: rename comparison functions for clarity 2025-01-07 23:14:39 -05:00
context.h selinux: rename comparison functions for clarity 2025-01-07 23:14:39 -05:00
ebitmap.c selinux: use known type instead of void pointer 2025-01-07 23:14:39 -05:00
ebitmap.h selinux: use known type instead of void pointer 2025-01-07 23:14:39 -05:00
hashtab.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
hashtab.h selinux: constify source policy in cond_policydb_dup() 2024-04-30 19:01:04 -04:00
mls_types.h selinux: rename comparison functions for clarity 2025-01-07 23:14:39 -05:00
mls.c selinux: avoid unnecessary indirection in struct level_datum 2025-01-07 23:14:40 -05:00
mls.h selinux: fix style issues in security/selinux/ss/mls.h 2024-02-23 17:26:05 -05:00
policydb.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
policydb.h selinux: introduce neveraudit types 2025-06-19 17:23:04 -04:00
services.c selinux: prune /sys/fs/selinux/user 2026-05-05 15:27:44 -04:00
services.h selinux: fix style issues in security/selinux/ss/services.h 2024-02-23 17:26:07 -05:00
sidtab.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
sidtab.h selinux: fix style issues in security/selinux/ss/sidtab.h 2024-02-23 17:26:07 -05:00
symtab.c selinux: improve symtab string hashing 2024-03-27 19:26:25 -04:00
symtab.h selinux: fix style issues in security/selinux/ss/symtab.h 2024-02-23 17:26:08 -05:00