| Message ID | Y5dKudhCyAktI/8E@do-x1extreme (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [GIT,PULL] xattr audit fix for v6.2 | expand |
The pull request you sent on Mon, 12 Dec 2022 09:37:29 -0600:
> git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.xattr.simple.noaudit.v6.2
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/07d7a4d6961a221af7023d08c89da8ed12fa7dda
Thank you!
Hi Linus, /* Summary */ This is a single patch to remove auditing of the capability check in simple_xattr_list(). This check is done to check whether trusted xattrs should be included by listxattr(2). SELinux will normally log a denial when capable() is called and the task's SELinux context doesn't have the corresponding capability permission allowed, which can end up spamming the log. Since a failed check here cannot be used to infer malicious intent, auditing is of no real value, and it makes sense to stop auditing the capability check. /* Testing */ The patch is based off of 6.1-rc4 and has been sitting in linux-next. No build failures or warnings were observed and fstests, selftests, and LTP show no regressions. /* Conflicts */ At the time of creating this PR no merge conflicts were reported from linux-next. A test merge with current mainline also showed no conflicts. The following changes since commit f0c4d9fc9cc9462659728d168387191387e903cc: Linux 6.1-rc4 (2022-11-06 15:07:11 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.xattr.simple.noaudit.v6.2 for you to fetch changes up to e7eda157c4071cd1e69f4b1687b0fbe1ae5e6f46: fs: don't audit the capability check in simple_xattr_list() (2022-11-07 16:55:45 +0100) Please consider pulling these changes from the signed fs.xattr.simple.noaudit.v6.2. Thanks! Seth ---------------------------------------------------------------- fs.xattr.simple.noaudit.v6.2 ---------------------------------------------------------------- Ondrej Mosnacek (1): fs: don't audit the capability check in simple_xattr_list() fs/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)