From: "Darrick J. Wong" <djwong@kernel.org>
To: cem@kernel.org
Cc: linux-fsdevel@vger.kernel.org, jack@suze.cz, hch@lst.de,
serge@hallyn.com, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org
Subject: Re: [RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing
Date: Fri, 26 Jun 2026 08:18:25 -0700 [thread overview]
Message-ID: <20260626151825.GU6078@frogsfrogsfrogs> (raw)
In-Reply-To: <20260626114533.102138-3-cem@kernel.org>
On Fri, Jun 26, 2026 at 01:45:21PM +0200, cem@kernel.org wrote:
> From: Carlos Maiolino <cem@kernel.org>
>
> Calling capable() to determine if we can bypass quota enforcement or not
> can trigger spurious audit messages. We don't really require it here so
> just use the capable_noaudit() version.
>
> Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
> ---
> fs/quota/dquot.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index 64cf42721496..1122a29215f7 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -1308,7 +1308,7 @@ static int ignore_hardlimit(struct dquot *dquot)
> {
> struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
>
> - return capable(CAP_SYS_RESOURCE) &&
> + return capable_noaudit(CAP_SYS_RESOURCE) &&
Yeah, we're just checking if we're going to enforce hardlimits, not
actually denying something based on lack of capability. For all we know
the user is well under their disk quota limit.
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
--D
> (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
> !(info->dqi_flags & DQF_ROOT_SQUASH));
> }
> --
> 2.54.0
>
>
next prev parent reply other threads:[~2026-06-26 15:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-26 11:45 [RFC PATCH 0/4] Introduce capable_noaudit cem
2026-06-26 11:45 ` [RFC PATCH 1/4] capabily: Add new capable_noaudit cem
2026-06-26 15:16 ` Darrick J. Wong
2026-06-26 15:31 ` Paul Moore
2026-06-26 17:46 ` Serge E. Hallyn
2026-06-26 11:45 ` [RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing cem
2026-06-26 15:18 ` Darrick J. Wong [this message]
2026-06-26 11:45 ` [RFC PATCH 3/4] xfs: replace ns_capable_noaudit() cem
2026-06-26 15:19 ` Darrick J. Wong
2026-06-26 11:45 ` [RFC PATCH 4/4] capability: unexport has_capability_noaudit cem
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260626151825.GU6078@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=cem@kernel.org \
--cc=hch@lst.de \
--cc=jack@suze.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox