What:		/sys/fs/selinux/checkreqprot
Date:		April 2005 (predates git)
KernelVersion:	2.6.12-rc2 (predates git)
Contact:	selinux@vger.kernel.org
Description:

	REMOVAL UPDATE: The SELinux checkreqprot functionality was removed in
	March 2023; the original deprecation notice is shown below.

	The selinuxfs "checkreqprot" node allows SELinux to be configured
	to check the protection requested by userspace for mmap/mprotect
	calls instead of the actual protection applied by the kernel.
	This was a compatibility mechanism for legacy userspace and
	for the READ_IMPLIES_EXEC personality flag. However, if set to
	1, it weakens security by allowing mappings to be made executable
	without authorization by policy. The default value of checkreqprot
	at boot was changed starting in Linux v4.4 to 0 (i.e. check the
	actual protection), and Android and Linux distributions have been
	explicitly writing a "0" to /sys/fs/selinux/checkreqprot during
	initialization for some time. Support for setting checkreqprot to 1
	will be removed no sooner than June 2021, at which point the kernel
	will cease using checkreqprot internally and will always check the
	actual protections being applied upon mmap/mprotect calls.
	The checkreqprot selinuxfs node will remain for backward compatibility
	but will discard writes of the "0" value and will reject writes of the
	"1" value when this mechanism is removed.
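The gap between "requested" and "actual" protection that the notice describes can be observed directly. The program below is an added example, not part of the kernel ABI document or of the SELinux code: it maps an anonymous page with PROT_READ, reads back the protection the kernel actually applied from /proc/self/maps, and repeats the request with the READ_IMPLIES_EXEC personality set, where the kernel silently upgrades the mapping to read+execute. With checkreqprot=1, policy would have been consulted about the PROT_READ request and would never see the executable mapping; with checkreqprot=0 the execmem check runs against the real r-x protection. It also reads the checkreqprot node so a system can be verified to report 0. It assumes Linux with glibc and a readable /proc/self/maps; the helper names (prot_of_mapping, actual_prot_for_request, actual_prot_with_read_implies_exec, read_checkreqprot) are ours, not kernel or libselinux APIs. Sandboxes that filter personality(2) arguments make the READ_IMPLIES_EXEC case return -1 rather than fail.

```c
/*
 * Added example (not part of the kernel ABI document or SELinux itself):
 * requested vs. actual mmap protection under READ_IMPLIES_EXEC, which is
 * exactly the case checkreqprot=1 got wrong. Assumes Linux + glibc and a
 * readable /proc/self/maps; all helper names here are ours.
 */
#define _GNU_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/personality.h>

/* Actual PROT_* bits of the VMA containing addr, parsed from
 * /proc/self/maps ("lo-hi perms ..."), or -1 if not found/unreadable. */
static int prot_of_mapping(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    uintptr_t target = (uintptr_t)addr, lo, hi;
    char perms[8], line[512];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %7s", &lo, &hi, perms) != 3)
            continue;
        if (target >= lo && target < hi) {
            result = 0;
            if (perms[0] == 'r') result |= PROT_READ;
            if (perms[1] == 'w') result |= PROT_WRITE;
            if (perms[2] == 'x') result |= PROT_EXEC;
            break;
        }
    }
    fclose(f);
    return result;
}

/* mmap one anonymous page with `requested` and report the protection the
 * kernel actually applied to it. -1 on failure (e.g. execmem denied). */
static int actual_prot_for_request(int requested)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)page, requested,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int actual = prot_of_mapping(p);
    munmap(p, (size_t)page);
    return actual;
}

/* Same request, but with READ_IMPLIES_EXEC set for the duration. The kernel
 * adds PROT_EXEC to any PROT_READ anonymous mapping in this mode, so a
 * PROT_READ request comes back as PROT_READ|PROT_EXEC. Returns -1 if the
 * personality cannot be changed (seccomp sandboxes often filter it). */
static int actual_prot_with_read_implies_exec(int requested)
{
    int old = personality(0xffffffff);          /* query only */
    if (old == -1)
        return -1;
    if (personality((unsigned long)old | READ_IMPLIES_EXEC) == -1)
        return -1;
    int actual = actual_prot_for_request(requested);
    personality((unsigned long)old);            /* restore */
    return actual;
}

/* Current value of /sys/fs/selinux/checkreqprot (0 or 1), or -1 if the node
 * is not available (selinuxfs not mounted). A hardened system reports 0. */
static int read_checkreqprot(void)
{
    FILE *f = fopen("/sys/fs/selinux/checkreqprot", "r");
    if (!f)
        return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

static const char *prot_str(int prot, char buf[4])
{
    if (prot < 0) { buf[0] = '?'; buf[1] = 0; return buf; }
    buf[0] = (prot & PROT_READ)  ? 'r' : '-';
    buf[1] = (prot & PROT_WRITE) ? 'w' : '-';
    buf[2] = (prot & PROT_EXEC)  ? 'x' : '-';
    buf[3] = 0;
    return buf;
}

int main(void)
{
    char a[4], b[4];
    printf("/sys/fs/selinux/checkreqprot = %d\n", read_checkreqprot());
    printf("PROT_READ requested, default personality   -> %s\n",
           prot_str(actual_prot_for_request(PROT_READ), a));
    printf("PROT_READ requested, READ_IMPLIES_EXEC set -> %s\n",
           prot_str(actual_prot_with_read_implies_exec(PROT_READ), b));
    return 0;
}
```

On an x86-64 host the second line prints `r-x` even though only `r--` was requested; that mapping is what policy must be asked about, which is why checking the requested protection (checkreqprot=1) was never safe.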