Linux Security Modules development
 help / color / mirror / Atom feed
From: "Darrick J. Wong" <djwong@kernel.org>
To: cem@kernel.org
Cc: Jan Kara <jack@suse.cz>, Christoph Hellwig <hch@lst.de>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Dave Chinner <david@fromorbit.com>,
	Eric Sandeen <sandeen@redhat.com>,
	linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 4/5] xfs: replace ns_capable_noaudit
Date: Thu, 2 Jul 2026 08:58:56 -0700	[thread overview]
Message-ID: <20260702155856.GF9392@frogsfrogsfrogs> (raw)
In-Reply-To: <20260702093324.127450-9-cem@kernel.org>

On Thu, Jul 02, 2026 at 11:33:23AM +0200, cem@kernel.org wrote:
> From: Carlos Maiolino <cem@kernel.org>
> 
> Now that capable_noaudit() is available, we don't need to keep
> using ns_capable_noaudit() and specifying the usernaspace every single
> time.
> 
> Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
> Cc: Jan Kara <jack@suse.cz>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Serge E. Hallyn <serge@hallyn.com>
> Cc: Darrick J. Wong <djwong@kernel.org>
> Cc: Dave Chinner <david@fromorbit.com>
> Cc: Eric Sandeen <sandeen@redhat.com>
> Cc: Dr. Thomas Orgis" <thomas.orgis@uni-hamburg.de>
> Cc: linux-xfs@vger.kernel.org
> Cc: linux-fsdevel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> ---
>  fs/xfs/xfs_fsmap.c | 3 +--
>  fs/xfs/xfs_ioctl.c | 2 +-
>  fs/xfs/xfs_iops.c  | 2 +-
>  3 files changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/xfs/xfs_fsmap.c b/fs/xfs/xfs_fsmap.c
> index 7c79fbe0a74c..041bb2105ec6 100644
> --- a/fs/xfs/xfs_fsmap.c
> +++ b/fs/xfs/xfs_fsmap.c
> @@ -1174,8 +1174,7 @@ xfs_getfsmap(
>  	if (!xfs_getfsmap_check_keys(&head->fmh_keys[0], &head->fmh_keys[1]))
>  		return -EINVAL;
>  
> -	use_rmap = xfs_has_rmapbt(mp) &&
> -		   ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
> +	use_rmap = xfs_has_rmapbt(mp) && capable_noaudit(CAP_SYS_ADMIN);
>  	head->fmh_entries = 0;
>  
>  	/* Set up our device handlers. */
> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> index 1a8af827dde1..374b488f0416 100644
> --- a/fs/xfs/xfs_ioctl.c
> +++ b/fs/xfs/xfs_ioctl.c
> @@ -647,7 +647,7 @@ xfs_ioctl_setattr_get_trans(
>  		goto out_error;
>  
>  	error = xfs_trans_alloc_ichange(ip, NULL, NULL, pdqp,
> -			ns_capable_noaudit(&init_user_ns, CAP_FOWNER), &tp);
> +					capable_noaudit(CAP_FOWNER), &tp);

Not sure why the indentation changed, otherwise the patch looks fine to
me.

--D

>  	if (error)
>  		goto out_error;
>  
> diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
> index 205fe2dae732..ce9f8b8468fc 100644
> --- a/fs/xfs/xfs_iops.c
> +++ b/fs/xfs/xfs_iops.c
> @@ -835,7 +835,7 @@ xfs_setattr_nonsize(
>  	}
>  
>  	error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
> -					ns_capable_noaudit(&init_user_ns, CAP_FOWNER),
> +					capable_noaudit(CAP_FOWNER),
>  					&tp);
>  	if (error)
>  		goto out_dqrele;
> -- 
> 2.54.0
> 
> 

  reply	other threads:[~2026-07-02 15:58 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02  9:33 [PATCH v3 0/5] Fix quota evasion on xfs and add capable_noaudit cem
2026-07-02  9:33 ` [PATCH v3 1/5] xfs: fix capability check in xfs cem
2026-07-02 10:30   ` Christoph Hellwig
2026-07-02 11:17     ` Carlos Maiolino
2026-07-02 11:24       ` Christoph Hellwig
2026-07-02 12:11         ` Carlos Maiolino
2026-07-02 12:24         ` Carlos Maiolino
2026-07-02  9:33 ` [PATCH v3 2/5] capability: Add new capable_noaudit cem
2026-07-02 15:56   ` Darrick J. Wong
2026-07-02  9:33 ` [PATCH v3 3/5] quota: Don't issue audit messages on quota enforcing cem
2026-07-02 10:56   ` Jan Kara
2026-07-02  9:33 ` [PATCH v3 4/5] xfs: replace ns_capable_noaudit cem
2026-07-02 15:58   ` Darrick J. Wong [this message]
2026-07-02  9:33 ` [PATCH v3 5/5] capability: unexport has_capability_noaudit cem

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260702155856.GF9392@frogsfrogsfrogs \
    --to=djwong@kernel.org \
    --cc=cem@kernel.org \
    --cc=david@fromorbit.com \
    --cc=hch@lst.de \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=sandeen@redhat.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox