All of lore.kernel.org
 help / color / mirror / Atom feed
From: cem@kernel.org
To: cem@kernel.org
Cc: Jan Kara <jack@suse.cz>, "Serge E. Hallyn" <serge@hallyn.com>,
	Dave Chinner <david@fromorbit.com>,
	Eric Sandeen <sandeen@redhat.com>,
	linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Darrick J. Wong" <djwong@kernel.org>,
	Christoph Hellwig <hch@lst.de>
Subject: [PATCH v3 3/5] quota: Don't issue audit messages on quota enforcing
Date: Thu,  2 Jul 2026 11:33:21 +0200	[thread overview]
Message-ID: <20260702093324.127450-7-cem@kernel.org> (raw)
In-Reply-To: <20260702093324.127450-1-cem@kernel.org>

From: Carlos Maiolino <cem@kernel.org>

Calling capable() to determine if we can bypass quota enforcement or not
can trigger spurious audit messages. We don't really require it here so
just use the capable_noaudit() version.

Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Dr. Thomas Orgis" <thomas.orgis@uni-hamburg.de>
Cc: linux-xfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
 fs/quota/dquot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 9850de3955d3..dab93422a57b 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -1308,7 +1308,7 @@ static int ignore_hardlimit(struct dquot *dquot)
 {
 	struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
 
-	return capable(CAP_SYS_RESOURCE) &&
+	return capable_noaudit(CAP_SYS_RESOURCE) &&
 	       (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
 		!(info->dqi_flags & DQF_ROOT_SQUASH));
 }
-- 
2.54.0


  parent reply	other threads:[~2026-07-02  9:37 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02  9:33 [PATCH v3 0/5] Fix quota evasion on xfs and add capable_noaudit cem
2026-07-02  9:33 ` [PATCH v3 1/5] xfs: fix capability check in xfs cem
2026-07-02 10:30   ` Christoph Hellwig
2026-07-02 11:17     ` Carlos Maiolino
2026-07-02 11:24       ` Christoph Hellwig
2026-07-02 12:11         ` Carlos Maiolino
2026-07-02 12:24         ` Carlos Maiolino
2026-07-02  9:33 ` [PATCH v3 2/5] capability: Add new capable_noaudit cem
2026-07-02 15:56   ` Darrick J. Wong
2026-07-02  9:33 ` cem [this message]
2026-07-02 10:56   ` [PATCH v3 3/5] quota: Don't issue audit messages on quota enforcing Jan Kara
2026-07-02  9:33 ` [PATCH v3 4/5] xfs: replace ns_capable_noaudit cem
2026-07-02 15:58   ` Darrick J. Wong
2026-07-02  9:33 ` [PATCH v3 5/5] capability: unexport has_capability_noaudit cem

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260702093324.127450-7-cem@kernel.org \
    --to=cem@kernel.org \
    --cc=david@fromorbit.com \
    --cc=djwong@kernel.org \
    --cc=hch@lst.de \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=sandeen@redhat.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.