[RFC PATCH 0/4] Introduce capable_noaudit

Next message: cem: "[RFC PATCH 1/4] capabily: Add new capable_noaudit"
Previous message: cem: "[RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing"
Next in thread: cem: "[RFC PATCH 2/4] quota: Don't issue audit messages on quota enforcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: cem

Date: Fri Jun 26 2026 - 07:46:26 EST

From: Carlos Maiolino <cem@xxxxxxxxxx>

In some cases - filesystems quota specifically here - we'd like to check
for effective capabilities without issuing spurious audit messages and
without the need to specify a namespace for that.

This series introduce capable_noaudit() which has the same goal as
capable() but without firing audit messages.

Also, this updates both generic quota and xfs quota code to use that.

The last patch unexports has_capability_noaudit() which was originally
exported to be used in xfs but turns out it does not meet our needs.

Note this is based on top of a current series I have to remove
has_capability_noaudit() calls from xfs so the xfs patch won't
apply cleanly without that series.

If adding this helper is acceptable, I'll turn this into a non-rfc
series with the required changes to apply properly.

Comments? Flames?
Cheers

Carlos Maiolino (4):
capabily: Add new capable_noaudit
quota: Don't issue audit messages on quota enforcing
xfs: replace ns_capable_noaudit()
capability: unexport has_capability_noaudit

fs/quota/dquot.c | 2 +-
fs/xfs/xfs_trans_dquot.c | 2 +-
include/linux/capability.h | 5 +++++
kernel/capability.c | 18 +++++++++++++++++-
4 files changed, 24 insertions(+), 3 deletions(-)

--
2.54.0