Re: [PATCH] filesystems: use has_capability_noaudit interface for reserved blocks checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 11 Nov 2008 14:12:49 -0500
Eric Paris <eparis@xxxxxxxxxx> wrote:

> ext[2,3,4], ufs, and ubifs all check for  CAP_SYS_RESOURCE to determine
> if they should allow reserved blocks to be used.  A process not having
> this capability is not failing some security decision and should not be
> audited.  Thus move to using has_capability_noaudit.
> 
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> ---
> 
> I would like to push this patch through the security tree (since that's
> the only place the new cap_noaudit interface exists), but I'd like to
> get an ACK from each subsystem maintainer.

OK by me.

Whoever added has_capability_noaudit() forgot to document it, so the
difference between has_capability_noaudit() and has_capability() eludes
this reader.

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux