[RFC PATCH 0/4] Introduce capable_noaudit
Christian Brauner
brauner at kernel.org
Thu Jul 2 07:41:39 UTC 2026
On 2026-06-26 13:45 +0200, cem at kernel.org wrote:
> From: Carlos Maiolino <cem at kernel.org>
>
> In some cases - filesystems quota specifically here - we'd like to check
> for effective capabilities without issuing spurious audit messages and
> without the need to specify a namespace for that.
>
> This series introduce capable_noaudit() which has the same goal as
> capable() but without firing audit messages.
>
> Also, this updates both generic quota and xfs quota code to use that.
>
> The last patch unexports has_capability_noaudit() which was originally
> exported to be used in xfs but turns out it does not meet our needs.
>
> Note this is based on top of a current series I have to remove
> has_capability_noaudit() calls from xfs so the xfs patch won't
> apply cleanly without that series.
>
> If adding this helper is acceptable, I'll turn this into a non-rfc
> series with the required changes to apply properly.
>
> Comments? Flames?
Convert more, please.
More information about the Linux-security-module-archive
mailing list