1 Safer version of upstream commit a996031c87e093017c0763326a08896a3a4817f4
3 Delay capable() checks to avoid (most) AVC denials when checking free blocks
4 (Bug 478299 - AVC denials on kernel 2.6.27.9-159.fc10.x86_64)
6 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
9 Index: linux-2.6.27.y/fs/ext4/balloc.c
10 ===================================================================
11 --- linux-2.6.27.y.orig/fs/ext4/balloc.c
12 +++ linux-2.6.27.y/fs/ext4/balloc.c
13 @@ -1770,15 +1770,15 @@ out:
14 ext4_fsblk_t ext4_has_free_blocks(struct ext4_sb_info *sbi,
17 - ext4_fsblk_t free_blocks;
18 - ext4_fsblk_t root_blocks = 0;
19 + ext4_fsblk_t free_blocks, root_blocks;
21 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
22 + root_blocks = ext4_r_blocks_count(sbi->s_es);
24 - if (!capable(CAP_SYS_RESOURCE) &&
25 - sbi->s_resuid != current->fsuid &&
26 - (sbi->s_resgid == 0 || !in_group_p(sbi->s_resgid)))
27 - root_blocks = ext4_r_blocks_count(sbi->s_es);
28 + if (sbi->s_resuid == current->fsuid ||
29 + ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
30 + capable(CAP_SYS_RESOURCE))
33 if (free_blocks - root_blocks < FBC_BATCH)