From: "Justin M. Forbes" <jforbes(a)fedoraproject.org>
From
https://www.paul-moore.com/blog/d/2020/06/linux_v57.html
"Deprecate setting â/sys/fs/selinux/checkreqprotâ to 1. This flag was
originally created to deal with legacy userspace and the READ_IMPLIES_EXEC
personality flag. We changed the default from 1 to 0 back in Linux v4.4 and
now we are taking the next step of deprecating it, at some point in the future
we will take the final step of rejecting 1."
Signed-off-by: Justin M. Forbes <jforbes(a)fedoraproject.org>
---
.../common/generic/CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/redhat/configs/common/generic/CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE
b/redhat/configs/common/generic/CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE
index 47810c7e452a..9fefaf319b27 100644
--- a/redhat/configs/common/generic/CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE
+++ b/redhat/configs/common/generic/CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE
@@ -1 +1 @@
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
--
2.26.2