[RFC PATCH 0/4] Introduce capable_noaudit

Carlos Maiolino cem at kernel.org
Thu Jul 2 08:35:20 UTC 2026


On Thu, Jul 02, 2026 at 09:41:39AM +0200, Christian Brauner wrote:
> On 2026-06-26 13:45 +0200, cem at kernel.org wrote:
> > From: Carlos Maiolino <cem at kernel.org>
> > 
> > In some cases - filesystems quota specifically here - we'd like to check
> > for effective capabilities without issuing spurious audit messages and
> > without the need to specify a namespace for that.
> > 
> > This series introduce capable_noaudit() which has the same goal as
> > capable() but without firing audit messages.
> > 
> > Also, this updates both generic quota and xfs quota code to use that.
> > 
> > The last patch unexports has_capability_noaudit() which was originally
> > exported to be used in xfs but turns out it does not meet our needs.
> > 
> > Note this is based on top of a current series I have to remove
> > has_capability_noaudit() calls from xfs so the xfs patch won't
> > apply cleanly without that series.
> > 
> > If adding this helper is acceptable, I'll turn this into a non-rfc
> > series with the required changes to apply properly.
> > 
> > Comments? Flames?
> 
> Convert more, please.
> 

Convert what? :) more callers from capable() to capable_noaudit()?



More information about the Linux-security-module-archive mailing list