path: root/security/selinux/selinuxfs.c
diff options
authorPaul Moore <>2022-03-01 17:53:01 -0500
committerPaul Moore <>2022-04-04 16:20:51 -0400
commit43b666622c60bc001f2f8a19f5f97946ff53a5cc (patch)
tree4ff2512ec24ba3e83cd6030aaa6addc6e38047cc /security/selinux/selinuxfs.c
parent0a9876f36b08706d9954d8ccb42d0cd85f210333 (diff)
selinux: runtime disable is deprecated, add some ssleep() discomfort
We deprecated the SELinux runtime disable functionality in Linux v5.6, and it is time to get a bit more serious about removing it. Add a five second sleep to anyone using it to help draw their attention to the deprecation and provide a URL which helps explain things in more detail, including how to add kernel command line parameters to some of the more popular Linux distributions. Acked-by: Casey Schaufler <> Signed-off-by: Paul Moore <>
Diffstat (limited to 'security/selinux/selinuxfs.c')
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 097c6d866ec4..6568bc48cd3e 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -293,6 +293,8 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
* kernel releases until eventually it is removed
pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
+ pr_err("SELinux:\n");
+ ssleep(5);
if (count >= PAGE_SIZE)
return -ENOMEM;