forked from Minki/linux
xfs: don't generate selinux audit messages for capability testing
There are a few places where we test the current process' capability set to decide if we're going to be more or less generous with resource acquisition for a system call. If the process doesn't have the capability, we can continue the call, albeit in a degraded mode. These are /not/ the actual security decisions, so it's not proper to use capable(), which (in certain selinux setups) causes audit messages to get logged. Switch them to has_capability_noaudit. Fixes:7317a03df7
("xfs: refactor inode ownership change transaction/inode/quota allocation idiom") Fixes:ea9a46e1c4
("xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN") Signed-off-by: Darrick J. Wong <djwong@kernel.org> Cc: Dave Chinner <david@fromorbit.com> Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com>
This commit is contained in:
parent
1a39ae415c
commit
eba0549bc7
@ -864,8 +864,8 @@ xfs_getfsmap(
|
||||
!xfs_getfsmap_is_valid_device(mp, &head->fmh_keys[1]))
|
||||
return -EINVAL;
|
||||
|
||||
use_rmap = capable(CAP_SYS_ADMIN) &&
|
||||
xfs_has_rmapbt(mp);
|
||||
use_rmap = xfs_has_rmapbt(mp) &&
|
||||
has_capability_noaudit(current, CAP_SYS_ADMIN);
|
||||
head->fmh_entries = 0;
|
||||
|
||||
/* Set up our device handlers. */
|
||||
|
@ -1189,7 +1189,7 @@ xfs_ioctl_setattr_get_trans(
|
||||
goto out_error;
|
||||
|
||||
error = xfs_trans_alloc_ichange(ip, NULL, NULL, pdqp,
|
||||
capable(CAP_FOWNER), &tp);
|
||||
has_capability_noaudit(current, CAP_FOWNER), &tp);
|
||||
if (error)
|
||||
goto out_error;
|
||||
|
||||
|
@ -723,7 +723,7 @@ xfs_setattr_nonsize(
|
||||
}
|
||||
|
||||
error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
|
||||
capable(CAP_FOWNER), &tp);
|
||||
has_capability_noaudit(current, CAP_FOWNER), &tp);
|
||||
if (error)
|
||||
goto out_dqrele;
|
||||
|
||||
|
@ -360,6 +360,7 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
|
||||
{
|
||||
return has_ns_capability_noaudit(t, &init_user_ns, cap);
|
||||
}
|
||||
EXPORT_SYMBOL(has_capability_noaudit);
|
||||
|
||||
static bool ns_capable_common(struct user_namespace *ns,
|
||||
int cap,
|
||||
|
Loading…
Reference in New Issue
Block a user