Re: [RFC PATCH 0/4] Introduce capable_noaudit

From: Christian Brauner

Date: Thu Jul 02 2026 - 03:46:00 EST


On 2026-06-26 13:45 +0200, cem@xxxxxxxxxx wrote:
> From: Carlos Maiolino <cem@xxxxxxxxxx>
>
> In some cases - filesystems quota specifically here - we'd like to check
> for effective capabilities without issuing spurious audit messages and
> without the need to specify a namespace for that.
>
> This series introduce capable_noaudit() which has the same goal as
> capable() but without firing audit messages.
>
> Also, this updates both generic quota and xfs quota code to use that.
>
> The last patch unexports has_capability_noaudit() which was originally
> exported to be used in xfs but turns out it does not meet our needs.
>
> Note this is based on top of a current series I have to remove
> has_capability_noaudit() calls from xfs so the xfs patch won't
> apply cleanly without that series.
>
> If adding this helper is acceptable, I'll turn this into a non-rfc
> series with the required changes to apply properly.
>
> Comments? Flames?

Convert more, please.