From: Paul Moore <paul@paul-moore.com>
Date: Fri, 23 Sep 2022 01:50:22 +0000 (-0400)
Subject: selinux: increase the deprecation sleep for checkreqprot and runtime disable
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e0d8259355cb846f9cf2e38f6ba3430aecb9ebcc;p=linux.git

selinux: increase the deprecation sleep for checkreqprot and runtime disable

Further the checkreqprot and runtime disable deprecation efforts by
increasing the sleep time from 5 to 15 seconds to help make this more
noticeable for any users who are still using these knobs.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index a00d191394365..0a6894cdc54d9 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 	 */
 	pr_err("SELinux:  Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
 	pr_err("SELinux:  https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
-	ssleep(5);
+	ssleep(15);
 
 	if (count >= PAGE_SIZE)
 		return -ENOMEM;
@@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
 
 	checkreqprot_set(fsi->state, (new_value ? 1 : 0));
 	if (new_value)
-		ssleep(5);
+		ssleep(15);
 	length = count;
 
 	selinux_ima_measure_state(fsi->state);