[PATCH v3 2/5] capability: Add new capable_noaudit

Darrick J. Wong djwong at kernel.org
Thu Jul 2 15:56:05 UTC 2026


On Thu, Jul 02, 2026 at 11:33:19AM +0200, cem at kernel.org wrote:
> From: Carlos Maiolino <cem at kernel.org>
> 
> In some situations (quota enforcement bypass in this case) we'd like to
> check for a specific capability without triggering spurious audit
> messages from security modules like selinux.
> 
> Add a new helper so we don't need to use ns_capable_noaudit() directly.
> 
> V3: remove the extern declaration
> 
> Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>
> Cc: Jan Kara <jack at suse.cz>
> Cc: Darrick J. Wong <djwong at kernel.org>
> Cc: Dave Chinner <david at fromorbit.com>
> Cc: Eric Sandeen <sandeen at redhat.com>
> Cc: Dr. Thomas Orgis" <thomas.orgis at uni-hamburg.de>
> Cc: linux-xfs at vger.kernel.org
> Cc: linux-fsdevel at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org
> Cc: linux-kernel at vger.kernel.org
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Reviewed-by: Serge Hallyn <serge at hallyn.com>
> ---
>  include/linux/capability.h |  5 +++++
>  kernel/capability.c        | 17 +++++++++++++++++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index 37db92b3d6f8..f8532d92fcad 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -145,6 +145,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
>  extern bool has_ns_capability_noaudit(struct task_struct *t,
>  				      struct user_namespace *ns, int cap);
>  extern bool capable(int cap);
> +bool capable_noaudit(int cap);
>  extern bool ns_capable(struct user_namespace *ns, int cap);
>  extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
>  extern bool ns_capable_setid(struct user_namespace *ns, int cap);
> @@ -167,6 +168,10 @@ static inline bool capable(int cap)
>  {
>  	return true;
>  }
> +static inline bool capable_noaudit(int cap)
> +{
> +	return true;
> +}
>  static inline bool ns_capable(struct user_namespace *ns, int cap)
>  {
>  	return true;
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 829f49ae07b9..2c2d1e8300bd 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -416,6 +416,23 @@ bool capable(int cap)
>  	return ns_capable(&init_user_ns, cap);
>  }
>  EXPORT_SYMBOL(capable);
> +
> +/**
> + * capable_noaudit - Determine if the current task has a superior
> + * capability in effect (unaudited).
> + * @cap: The capability to be tested for
> + *
> + * This is the same as capable(), except it uses CAP_OPT_NOAUDIT as to prevent
> + * issuing spurious audit messages.
> + *
> + * This sets PF_SUPERPRIV on the task if the capability is available on the
> + * assumption that it's about to be used.

Same complaint about the documentation as last time:
https://lore.kernel.org/linux-fsdevel/20260626151656.GT6078@frogsfrogsfrogs/

--D

> + */
> +bool capable_noaudit(int cap)
> +{
> +	return ns_capable_noaudit(&init_user_ns, cap);
> +}
> +EXPORT_SYMBOL(capable_noaudit);
>  #endif /* CONFIG_MULTIUSER */
>  
>  /**
> -- 
> 2.54.0
> 
> 



More information about the Linux-security-module-archive mailing list