[PATCH v3 2/5] capability: Add new capable_noaudit
Darrick J. Wong
djwong at kernel.org
Thu Jul 2 15:56:05 UTC 2026
On Thu, Jul 02, 2026 at 11:33:19AM +0200, cem at kernel.org wrote:
> From: Carlos Maiolino <cem at kernel.org>
>
> In some situations (quota enforcement bypass in this case) we'd like to
> check for a specific capability without triggering spurious audit
> messages from security modules like selinux.
>
> Add a new helper so we don't need to use ns_capable_noaudit() directly.
>
> V3: remove the extern declaration
>
> Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>
> Cc: Jan Kara <jack at suse.cz>
> Cc: Darrick J. Wong <djwong at kernel.org>
> Cc: Dave Chinner <david at fromorbit.com>
> Cc: Eric Sandeen <sandeen at redhat.com>
> Cc: Dr. Thomas Orgis" <thomas.orgis at uni-hamburg.de>
> Cc: linux-xfs at vger.kernel.org
> Cc: linux-fsdevel at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org
> Cc: linux-kernel at vger.kernel.org
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Reviewed-by: Serge Hallyn <serge at hallyn.com>
> ---
> include/linux/capability.h | 5 +++++
> kernel/capability.c | 17 +++++++++++++++++
> 2 files changed, 22 insertions(+)
>
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index 37db92b3d6f8..f8532d92fcad 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -145,6 +145,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
> extern bool has_ns_capability_noaudit(struct task_struct *t,
> struct user_namespace *ns, int cap);
> extern bool capable(int cap);
> +bool capable_noaudit(int cap);
> extern bool ns_capable(struct user_namespace *ns, int cap);
> extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
> extern bool ns_capable_setid(struct user_namespace *ns, int cap);
> @@ -167,6 +168,10 @@ static inline bool capable(int cap)
> {
> return true;
> }
> +static inline bool capable_noaudit(int cap)
> +{
> + return true;
> +}
> static inline bool ns_capable(struct user_namespace *ns, int cap)
> {
> return true;
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 829f49ae07b9..2c2d1e8300bd 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -416,6 +416,23 @@ bool capable(int cap)
> return ns_capable(&init_user_ns, cap);
> }
> EXPORT_SYMBOL(capable);
> +
> +/**
> + * capable_noaudit - Determine if the current task has a superior
> + * capability in effect (unaudited).
> + * @cap: The capability to be tested for
> + *
> + * This is the same as capable(), except it uses CAP_OPT_NOAUDIT as to prevent
> + * issuing spurious audit messages.
> + *
> + * This sets PF_SUPERPRIV on the task if the capability is available on the
> + * assumption that it's about to be used.
Same complaint about the documentation as last time:
https://lore.kernel.org/linux-fsdevel/20260626151656.GT6078@frogsfrogsfrogs/
--D
> + */
> +bool capable_noaudit(int cap)
> +{
> + return ns_capable_noaudit(&init_user_ns, cap);
> +}
> +EXPORT_SYMBOL(capable_noaudit);
> #endif /* CONFIG_MULTIUSER */
>
> /**
> --
> 2.54.0
>
>
More information about the Linux-security-module-archive
mailing list