[linux] 05/05: selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Tue May 2 04:35:56 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit c4f7fb8fd35cf9f100e1815186e69c881cf97855
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Tue May 2 05:22:00 2017 +0100
selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default
---
debian/changelog | 3 +++
debian/config/config | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 80a9076..b1136e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -392,6 +392,9 @@ linux (4.9.25-1) UNRELEASED; urgency=medium
* udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
* leds: Enable LEDS_GPIO as module for all configurations with GPIOs
(Closes: #860569)
+ * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
+ This may break some old applications if SELinux is enabled, and can be
+ reverted using the kernel parameter: checkreqprot=1
[ Salvatore Bonaccorso ]
* ping: implement proper locking (CVE-2017-2671)
diff --git a/debian/config/config b/debian/config/config
index e65fe0f..55df382 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -7147,7 +7147,7 @@ CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
##
## file: security/smack/Kconfig
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list