lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Mar 2023 10:55:01 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Lukas Bulwahn <lukas.bulwahn@...il.com>
Cc:     Stephen Smalley <stephen.smalley.work@...il.com>,
        Eric Paris <eparis@...isplace.org>, selinux@...r.kernel.org,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] selinux: clean up dead code after removing runtime disable

On Thu, Mar 23, 2023 at 1:12 AM Lukas Bulwahn <lukas.bulwahn@...il.com> wrote:
>
> Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality")
> removes the config SECURITY_SELINUX_DISABLE. This results in some dead code
> in lsm_hooks.h and a reference in the ABI documentation leading nowhere as
> the help text is simply gone.
>
> Remove the dead code and dead reference.
>
> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@...il.com>
> ---
> Paul, please pick this minor cleanup patch on top of your commit above.

Hi Lukas, thanks for catching this and sending a patch!  For future
reference, you don't need to add a note asking me to pick up this
patch, as long as you send it to the right mailing list - you did -
I'll see it and you'll either get a quick reply when I merge it or a
longer reply with comments/feedback.

One comment below ...

> diff --git a/Documentation/ABI/removed/sysfs-selinux-disable b/Documentation/ABI/removed/sysfs-selinux-disable
> index cb783c64cab3..1ae9587231e1 100644
> --- a/Documentation/ABI/removed/sysfs-selinux-disable
> +++ b/Documentation/ABI/removed/sysfs-selinux-disable
> @@ -24,6 +24,3 @@ Description:
>         SELinux at runtime.  Fedora is in the process of removing the
>         selinuxfs "disable" node and once that is complete we will start the
>         slow process of removing this code from the kernel.
> -
> -       More information on /sys/fs/selinux/disable can be found under the
> -       CONFIG_SECURITY_SELINUX_DISABLE Kconfig option.

When I moved the deprecation notice from the "obsolete" to the
"removed" directory I added a note at the top which read:

  "REMOVAL UPDATE: The SELinux checkreqprot functionality was
   removed in March 2023, the original deprecation notice is
   shown below."

My goal was to preserve the original notice as much as possible,
including the references to the now defunct Kconfig option, to help
people who are trying to understand how things worked prior to the
removal.

If you can remove this part of your patch and resubmit I'll happily
merge it into the selinux/next tree.

Thanks!

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ