selinux: add a 5 second sleep to /sys/fs/selinux/user

Commit d7b6918e22c7 ("selinux: Deprecate /sys/fs/selinux/user") started
the deprecation process for /sys/fs/selinux/user:

  The selinuxfs "user" node allows userspace to request a list
  of security contexts that can be reached for a given SELinux
  user from a given starting context. This was used by libselinux
  when various login-style programs requested contexts for
  users, but libselinux stopped using it in 2020.
  Kernel support will be removed no sooner than Dec 2025.

A pr_warn() message has been in place since Linux v6.13, this patch
adds a five second sleep to /sys/fs/selinux/user to help make the
deprecation and upcoming removal more noticeable.

Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e67a8ce4b64c2dd2e828849f47f242e4a7e869e6..95765374f58d0ff37da8a68ebcf2858404905a22 100644 (file)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1072,6 +1072,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
        pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
                " This will not be supported in the future; please update your"
                " userspace.\n", current->comm, current->pid);
+       ssleep(5);
 
        length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
                              SECCLASS_SECURITY, SECURITY__COMPUTE_USER,