Commit 917719c412c4 for kernel

commit 917719c412c48687d4a176965d1fa35320ec457c
Merge: fcee7d82f27d 868f31e4061e
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu May 7 17:26:43 2026 -0700

    Merge tag 'selinux-pr-20260507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

    Pull selinux fixes from Paul Moore:

     - Allow for multiple opens of /sys/fs/selinux/policy

       Prevent a single process from blocking others from reading the
       SELinux policy loaded in the kernel. This does have the side effect
       of potentially allowing userspace to trigger additional kernel memory
       allocations as part of the open/read operation, but this is mitigated
       by requiring the SELinux security/read_policy permission.

     - Reduce the critical sections where the SELinux policy mutex is held

       This includes the patch to the policy loader code where we move the
       permission checks and an allocation outside the mutex as well as the
       the patch to checkreqprot which drops the code/lock entirely.

       While the checkreqprot code had effectively been dropped in an
       earlier release, portions of the code still remained that would have
       triggered the mutex to perform an IMA measurement. This finally drops
       all of that while preserving the user visible behavior.

     - Eliminate potential sources of log spamming

       There were a few areas where processes could flood the system logs
       and hide other, more critical events. The previously disabled
       checkreqprot and runtime disable knobs in selinuxfs were two such
       areas that have now been greatly simplified and a pr_err() replaced
       with a pr_err_once().

       The third such place is the /sys/fs/selinux/user file, which hasn't
       been used by a userspace release since 2020 and was scheduled for
       removal after 2025; this effectively disables this functionality, but
       similar to checkreqprot, it is done in a way that should not break
       old userspace.

    * tag 'selinux-pr-20260507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
      selinux: shrink critical section in sel_write_load()
      selinux: allow multiple opens of /sys/fs/selinux/policy
      selinux: prune /sys/fs/selinux/user
      selinux: prune /sys/fs/selinux/disable
      selinux: prune /sys/fs/selinux/checkreqprot