On Fri, Aug 10, 2018 at 9:09 AM Darrick J. Wong <darrick.wong@xxxxxxxxxx> wrote:
>
> IOWs, are there security policies where CAP_SYS_ADMIN isn't a "get
> access to everything" wildcard? I imagine the answer is "yes" and
> therefore xfs needs the call, but I thought I'd ask first.
I think the answer is "no", at least for filesystems where it allows
you to just remount the filesystem entirely.
These reports are from some automated logic that doesn't take "some
capabilities are more equal than others" into account.
Linus
