All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Christoph Hellwig <hch@lst.de>
Cc: cem@kernel.org, linux-fsdevel@vger.kernel.org, jack@suze.cz,
	djwong@kernel.org, serge@hallyn.com,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org
Subject: Re: [RFC PATCH 1/4] capabily: Add new capable_noaudit
Date: Mon, 29 Jun 2026 08:49:26 -0500	[thread overview]
Message-ID: <akJ35qliH+npZ3iv@mail.hallyn.com> (raw)
In-Reply-To: <20260629122939.GA21958@lst.de>

On Mon, Jun 29, 2026 at 02:29:39PM +0200, Christoph Hellwig wrote:
> On Fri, Jun 26, 2026 at 01:45:20PM +0200, cem@kernel.org wrote:
> > +extern bool capable_noaudit(int cap);
> 
> No need for the extern.
> 
> Otherwise this does look nice an clean to me:
> 
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> 
> But if the security folks don't like we can live with the more
> verbose version of it I guess.

Honestly I'm ok either way.  If people misunderstand the shortcut,
and ove-ruse it, that's safer than the other way.  The one that
scare me more is ns_capable(&current_user_ns, X).  I need to do an
audit of the current users of that.

So I'm happy to put

Reviewed-by: Serge Hallyn <serge@hallyn.com>

on the set.

  reply	other threads:[~2026-06-29 13:49 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-26 11:45 [RFC PATCH 0/4] Introduce capable_noaudit cem
2026-06-26 11:45 ` [RFC PATCH 1/4] capabily: Add new capable_noaudit cem
2026-06-26 15:16   ` Darrick J. Wong
2026-06-26 15:31   ` Paul Moore
2026-06-26 17:46     ` Serge E. Hallyn
2026-06-29 12:29   ` Christoph Hellwig
2026-06-29 13:49     ` Serge E. Hallyn [this message]
2026-07-02  7:53     ` Carlos Maiolino
2026-06-26 11:45 ` [RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing cem
2026-06-26 15:18   ` Darrick J. Wong
2026-06-29 12:30   ` Christoph Hellwig
2026-06-26 11:45 ` [RFC PATCH 3/4] xfs: replace ns_capable_noaudit() cem
2026-06-26 15:19   ` Darrick J. Wong
2026-06-29 12:30     ` Christoph Hellwig
2026-06-29 12:30   ` Christoph Hellwig
2026-06-26 11:45 ` [RFC PATCH 4/4] capability: unexport has_capability_noaudit cem
2026-06-26 15:20   ` Darrick J. Wong
2026-06-29 12:31     ` Christoph Hellwig
2026-06-29 12:31   ` Christoph Hellwig
2026-07-02  7:41 ` [RFC PATCH 0/4] Introduce capable_noaudit Christian Brauner
2026-07-02  8:35   ` Carlos Maiolino
2026-07-02 13:47     ` Christian Brauner
2026-07-02 14:51       ` Carlos Maiolino

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=akJ35qliH+npZ3iv@mail.hallyn.com \
    --to=serge@hallyn.com \
    --cc=cem@kernel.org \
    --cc=djwong@kernel.org \
    --cc=hch@lst.de \
    --cc=jack@suze.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.