From: cem@kernel.org
To: linux-fsdevel@vger.kernel.org
Cc: jack@suze.cz, djwong@kernel.org, hch@lst.de, serge@hallyn.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org,
Carlos Maiolino <cem@kernel.org>
Subject: [RFC PATCH 0/4] Introduce capable_noaudit
Date: Fri, 26 Jun 2026 13:45:19 +0200 [thread overview]
Message-ID: <20260626114533.102138-1-cem@kernel.org> (raw)
From: Carlos Maiolino <cem@kernel.org>
In some cases - filesystems quota specifically here - we'd like to check
for effective capabilities without issuing spurious audit messages and
without the need to specify a namespace for that.
This series introduce capable_noaudit() which has the same goal as
capable() but without firing audit messages.
Also, this updates both generic quota and xfs quota code to use that.
The last patch unexports has_capability_noaudit() which was originally
exported to be used in xfs but turns out it does not meet our needs.
Note this is based on top of a current series I have to remove
has_capability_noaudit() calls from xfs so the xfs patch won't
apply cleanly without that series.
If adding this helper is acceptable, I'll turn this into a non-rfc
series with the required changes to apply properly.
Comments? Flames?
Cheers
Carlos Maiolino (4):
capabily: Add new capable_noaudit
quota: Don't issue audit messages on quota enforcing
xfs: replace ns_capable_noaudit()
capability: unexport has_capability_noaudit
fs/quota/dquot.c | 2 +-
fs/xfs/xfs_trans_dquot.c | 2 +-
include/linux/capability.h | 5 +++++
kernel/capability.c | 18 +++++++++++++++++-
4 files changed, 24 insertions(+), 3 deletions(-)
--
2.54.0
next reply other threads:[~2026-06-26 11:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-26 11:45 cem [this message]
2026-06-26 11:45 ` [RFC PATCH 1/4] capabily: Add new capable_noaudit cem
2026-06-26 15:16 ` Darrick J. Wong
2026-06-26 15:31 ` Paul Moore
2026-06-26 17:46 ` Serge E. Hallyn
2026-06-26 11:45 ` [RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing cem
2026-06-26 15:18 ` Darrick J. Wong
2026-06-26 11:45 ` [RFC PATCH 3/4] xfs: replace ns_capable_noaudit() cem
2026-06-26 15:19 ` Darrick J. Wong
2026-06-26 11:45 ` [RFC PATCH 4/4] capability: unexport has_capability_noaudit cem
2026-06-26 15:20 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260626114533.102138-1-cem@kernel.org \
--to=cem@kernel.org \
--cc=djwong@kernel.org \
--cc=hch@lst.de \
--cc=jack@suze.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.