Commit 66f6e9ab authored by Darrick J. Wong's avatar Darrick J. Wong Committed by Zheng Zengkai
Browse files

xfs: don't generate selinux audit messages for capability testing 

mainline inclusion
from mainline-v5.16-rc3
commit eba0549b
category: bugfix
bugzilla: 187526,https://gitee.com/openeuler/kernel/issues/I4KIAO

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eba0549bc7d100691c13384b774346b8aa9cf9a9



--------------------------------

There are a few places where we test the current process' capability set
to decide if we're going to be more or less generous with resource
acquisition for a system call.  If the process doesn't have the
capability, we can continue the call, albeit in a degraded mode.

These are /not/ the actual security decisions, so it's not proper to use
capable(), which (in certain selinux setups) causes audit messages to
get logged.  Switch them to has_capability_noaudit.

Fixes: 7317a03d ("xfs: refactor inode ownership change transaction/inode/quota allocation idiom")
Fixes: ea9a46e1 ("xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN")
Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>
Reviewed-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
Signed-off-by: default avatarGuo Xuenan <guoxuenan@huawei.com>

Conflicts:
	fs/xfs/xfs_fsmap.c
Reviewed-by: default avatarZhang Yi <yi.zhang@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 7ba028af
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment