From: Paul Moore <paul@paul-moore.com>
Date: Thu, 1 May 2025 19:18:56 +0000 (-0400)
Subject: selinux: add a 5 second sleep to /sys/fs/selinux/user
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a71d8fa55760eb7f6b1c8a96e771e2678625b9c;p=thirdparty%2Fkernel%2Flinux.git

selinux: add a 5 second sleep to /sys/fs/selinux/user

Commit d7b6918e22c7 ("selinux: Deprecate /sys/fs/selinux/user") started
the deprecation process for /sys/fs/selinux/user:

  The selinuxfs "user" node allows userspace to request a list
  of security contexts that can be reached for a given SELinux
  user from a given starting context. This was used by libselinux
  when various login-style programs requested contexts for
  users, but libselinux stopped using it in 2020.
  Kernel support will be removed no sooner than Dec 2025.

A pr_warn() message has been in place since Linux v6.13, this patch
adds a five second sleep to /sys/fs/selinux/user to help make the
deprecation and upcoming removal more noticeable.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e67a8ce4b64c2..95765374f58d0 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1072,6 +1072,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
 	pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
 		" This will not be supported in the future; please update your"
 		" userspace.\n", current->comm, current->pid);
+	ssleep(5);
 
 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
 			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER,