diff options
author | Paul Moore <paul@paul-moore.com> | 2022-09-22 21:50:22 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2022-10-17 16:15:30 -0400 |
commit | e0d8259355cb846f9cf2e38f6ba3430aecb9ebcc (patch) | |
tree | 7b97c7b94d629a8c7ff93d8f8698ac3c24b3cfaa | |
parent | 9abf2313adc1ca1b6180c508c25f22f9395cc780 (diff) |
selinux: increase the deprecation sleep for checkreqprot and runtime disable
Further the checkreqprot and runtime disable deprecation efforts by
increasing the sleep time from 5 to 15 seconds to help make this more
noticeable for any users who are still using these knobs.
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | security/selinux/selinuxfs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index a00d19139436..0a6894cdc54d 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, */ pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n"); pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); - ssleep(5); + ssleep(15); if (count >= PAGE_SIZE) return -ENOMEM; @@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, checkreqprot_set(fsi->state, (new_value ? 1 : 0)); if (new_value) - ssleep(5); + ssleep(15); length = count; selinux_ima_measure_state(fsi->state); |