[PATCH RESEND] xfs: don't generate selinux audit messages for capability testing

Eric Sandeen sandeen at sandeen.net
Thu Mar 3 17:21:00 UTC 2022


On 2/28/22 8:50 PM, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong at kernel.org>
> 
> There are a few places where we test the current process' capability set
> to decide if we're going to be more or less generous with resource
> acquisition for a system call.  If the process doesn't have the
> capability, we can continue the call, albeit in a degraded mode.
> 
> These are /not/ the actual security decisions, so it's not proper to use
> capable(), which (in certain selinux setups) causes audit messages to
> get logged.  Switch them to has_capability_noaudit.
> 
> Signed-off-by: Darrick J. Wong <djwong at kernel.org>
> Cc: Ondrej Mosnacek <omosnace at redhat.com>
> Cc: Dave Chinner <david at fromorbit.com>

Thanks Darrick. This looks technically correct to me as well.

You might want to add a:

Fixes: 7317a03df703f ("xfs: refactor inode ownership change transaction/inode/quota allocation idiom")

because I /think/ that's the commit that moved the capable() checks out
from under quota tests, and made the problem more visible.

And maybe:

Fixes: ea9a46e1c4925 ("xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN")

as well?

It's not strictly fixing the former; AFAICT the problem existed when quota was
enabled already, so I'll leave all that to your discretion.

Reviewed-by: Eric Sandeen <sandeen at redhat.com>

Thanks,
-Eric



More information about the Linux-security-module-archive mailing list