selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default

2017-05-02 05:22:00 +01:00 · 2017-05-02 05:22:00 +01:00 · c4f7fb8fd3
parent 97c9515edc
commit c4f7fb8fd3
2 changed files with 4 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -392,6 +392,9 @@ linux (4.9.25-1) UNRELEASED; urgency=medium
  * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
  * leds: Enable LEDS_GPIO as module for all configurations with GPIOs
    (Closes: #860569)
+  * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
+    This may break some old applications if SELinux is enabled, and can be
+    reverted using the kernel parameter: checkreqprot=1

  [ Salvatore Bonaccorso ]
  * ping: implement proper locking (CVE-2017-2671)
--- a/debian/config/config
+++ b/debian/config/config
@ -7147,7 +7147,7 @@ CONFIG_SECURITY_SELINUX=y
 # CONFIG_SECURITY_SELINUX_DISABLE is not set
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0

 ##
 ## file: security/smack/Kconfig