Re: [PATCH] selinux: clean up dead code after removing runtime disable

From: Lukas Bulwahn
Date: Fri Mar 24 2023 - 05:26:02 EST

Next message: David Hildenbrand: "Re: [RFC 00/12] module: avoid userspace pressure on unwanted allocations"
Previous message: Charles Keepax: "Re: [PATCH] regulator: wm8994: Use PROBE_FORCE_SYNCHRONOUS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 23, 2023 at 3:55 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Thu, Mar 23, 2023 at 1:12 AM Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> wrote:
> >
> > Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality")
> > removes the config SECURITY_SELINUX_DISABLE. This results in some dead code
> > in lsm_hooks.h and a reference in the ABI documentation leading nowhere as
> > the help text is simply gone.
> >
> > Remove the dead code and dead reference.
> >
> > Signed-off-by: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx>
> > ---
> > Paul, please pick this minor cleanup patch on top of your commit above.
>
> Hi Lukas, thanks for catching this and sending a patch! For future
> reference, you don't need to add a note asking me to pick up this
> patch, as long as you send it to the right mailing list - you did -
> I'll see it and you'll either get a quick reply when I merge it or a
> longer reply with comments/feedback.
>
> One comment below ...
>
> > diff --git a/Documentation/ABI/removed/sysfs-selinux-disable b/Documentation/ABI/removed/sysfs-selinux-disable
> > index cb783c64cab3..1ae9587231e1 100644
> > --- a/Documentation/ABI/removed/sysfs-selinux-disable
> > +++ b/Documentation/ABI/removed/sysfs-selinux-disable
> > @@ -24,6 +24,3 @@ Description:
> > SELinux at runtime. Fedora is in the process of removing the
> > selinuxfs "disable" node and once that is complete we will start the
> > slow process of removing this code from the kernel.
> > -
> > - More information on /sys/fs/selinux/disable can be found under the
> > - CONFIG_SECURITY_SELINUX_DISABLE Kconfig option.
>
> When I moved the deprecation notice from the "obsolete" to the
> "removed" directory I added a note at the top which read:
>
> "REMOVAL UPDATE: The SELinux checkreqprot functionality was
> removed in March 2023, the original deprecation notice is
> shown below."
>
> My goal was to preserve the original notice as much as possible,
> including the references to the now defunct Kconfig option, to help
> people who are trying to understand how things worked prior to the
> removal.
>
> If you can remove this part of your patch and resubmit I'll happily
> merge it into the selinux/next tree.
>

Okay, I reworked the patch as requested and sent out a PATCH v2:

https://lore.kernel.org/all/20230324092114.13907-1-lukas.bulwahn@xxxxxxxxx/T/#u

Thanks,

Lukas

Next message: David Hildenbrand: "Re: [RFC 00/12] module: avoid userspace pressure on unwanted allocations"
Previous message: Charles Keepax: "Re: [PATCH] regulator: wm8994: Use PROBE_FORCE_SYNCHRONOUS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]