selinux: increase the deprecation sleep for checkreqprot and runtime disable

Further the checkreqprot and runtime disable deprecation efforts by
increasing the sleep time from 5 to 15 seconds to help make this more
noticeable for any users who are still using these knobs.

Acked-by: Casey Schaufler <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index a00d191394365b50fd59fcdda75ba8f1343ec1f9..0a6894cdc54d990a908443d23e1e15586578465c 100644 (file)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -294,7 +294,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
         */
        pr_err("SELinux:  Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
        pr_err("SELinux:  https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
-       ssleep(5);
+       ssleep(15);
 
        if (count >= PAGE_SIZE)
                return -ENOMEM;
@@ -763,7 +763,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
 
        checkreqprot_set(fsi->state, (new_value ? 1 : 0));
        if (new_value)
-               ssleep(5);
+               ssleep(15);
        length = count;
 
        selinux_ima_measure_state(fsi->state);