[PATCH 0/2] fanotify: avid some premature LSM checks
Ondrej Mosnacek
omosnace at redhat.com
Wed Feb 18 12:36:18 UTC 2026
On Tue, Feb 17, 2026 at 12:09 PM Jan Kara <jack at suse.cz> wrote:
>
> On Mon 16-02-26 16:06:23, Ondrej Mosnacek wrote:
> > Restructure some of the validity and security checks in
> > fs/notify/fanotify/fanotify_user.c to avoid generating LSM access
> > denials in the audit log where hey shouldn't be.
> >
> > Ondrej Mosnacek (2):
> > fanotify: avoid/silence premature LSM capability checks
> > fanotify: call fanotify_events_supported() before path_permission()
> > and security_path_notify()
> >
> > fs/notify/fanotify/fanotify_user.c | 50 ++++++++++++++----------------
> > 1 file changed, 23 insertions(+), 27 deletions(-)
>
> The series looks good to me as well. Thanks! I'll commit the series to my
> tree once the merge window closes and fixup the comment formatting on
> commit. No need to resend.
Great, thanks!
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
More information about the Linux-security-module-archive
mailing list