On Fri, Mar 15, 2024 at 4:19 PM Serge Hallyn <serge@xxxxxxxxxx> wrote:
> On Fri, Mar 15, 2024 at 12:37:23PM +0100, Christian Göttsche wrote:
> > Add the interfaces `capable_any()` and `ns_capable_any()` as an
> > alternative to multiple `capable()`/`ns_capable()` calls, like
> > `capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of
> > `capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`.
> >
> > `capable_any()`/`ns_capable_any()` will in particular generate exactly
> > one audit message, either for the left most capability in effect or, if
> > the task has none, the first one.
> >
> > This is especially helpful with regard to SELinux, where each audit
> > message about a not allowed capability request will create a denial
> > message. Using this new wrapper with the least invasive capability as
> > left most argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables
> > policy writers to only grant the least invasive one for the particular
> > subject instead of both.
> >
> > CC: linux-block@xxxxxxxxxxxxxxx
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx>

Looking over the patchset, I'm not seeing any strong objections from
anyone, and most of the patches have ACKs/Reviewed-by tags (exceptions
being the block and coccinelle patches), so I'm thinking we could
probably merge the first two patches that add the basic support along
with all of the subsystem patches except the two that haven't been
ACKd (we can push on those later).

Serge, as far as I'm concerned it's your call as this is largely a
capabilities patchset. Assuming for a moment that you are still okay
with these patches, are you planning to pull them into the
capabilities tree and send them to Linus, or would you prefer I pull
it via the LSM tree?

-- 
paul-moore.com
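
The audit behaviour described in the quoted commit message, as an added user-space model that is not part of the thread and is not the kernel implementation from the patchset. The `model_*` helpers, the audit counters and the sample task are assumptions made for illustration; only the two capability numbers are real values from `linux/capability.h`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Capability numbers as defined in linux/capability.h. */
enum { CAP_SYS_ADMIN = 21, CAP_SYS_NICE = 23 };

/* Hypothetical model state: effective set of the task plus audit counters. */
static unsigned long long task_caps;
static int audit_denials, audit_grants, last_audited = -1;

/* Model of one capability check; 'audit' selects whether a record is emitted. */
static bool model_check(int cap, bool audit)
{
    bool ok = (task_caps & (1ULL << cap)) != 0;
    if (audit) {
        if (ok) audit_grants++; else audit_denials++;
        last_audited = cap;
    }
    return ok;
}

static bool model_capable(int cap) { return model_check(cap, true); }

/* Semantics from the commit message: exactly one audited check, for the
 * leftmost capability in effect or, if the task has none, the first one. */
static bool model_capable_any(int cap1, int cap2)
{
    if (model_check(cap1, false)) return model_check(cap1, true);
    if (model_check(cap2, false)) return model_check(cap2, true);
    return model_check(cap1, true);
}

static void reset(unsigned long long caps)
{
    task_caps = caps; audit_denials = audit_grants = 0; last_audited = -1;
}

int main(void)
{
    reset(1ULL << CAP_SYS_ADMIN);   /* constructed task: only CAP_SYS_ADMIN */
    bool chained = model_capable(CAP_SYS_NICE) || model_capable(CAP_SYS_ADMIN);
    printf("chained: ok=%d denials=%d\n", chained, audit_denials);
    reset(1ULL << CAP_SYS_ADMIN);
    bool any_ok = model_capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN);
    printf("any:     ok=%d denials=%d\n", any_ok, audit_denials);
    return 0;
}
```

In the model, the chained form records a denial for CAP_SYS_NICE even though the request succeeds through CAP_SYS_ADMIN, while the `capable_any()` form records none.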