linux-2.6-810-ext4-cap-check-delay.patch

   1 Safer version of upstream commit a996031c87e093017c0763326a08896a3a4817f4
   2
   3 Delay capable() checks to avoid (most) AVC denials when checking free blocks
   4 (Bug 478299 -  AVC denials on kernel 2.6.27.9-159.fc10.x86_64)
   5
   6 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
   7 ---
   8
   9 Index: linux-2.6.27.y/fs/ext4/balloc.c
  10 ===================================================================
  11 --- linux-2.6.27.y.orig/fs/ext4/balloc.c
  12 +++ linux-2.6.27.y/fs/ext4/balloc.c
  13 @@ -1770,15 +1770,15 @@ out:
  14  ext4_fsblk_t ext4_has_free_blocks(struct ext4_sb_info *sbi,
  15                                                 ext4_fsblk_t nblocks)
  16  {
  17 -       ext4_fsblk_t free_blocks;
  18 -       ext4_fsblk_t root_blocks = 0;
  19 +       ext4_fsblk_t free_blocks, root_blocks;
  20
  21         free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
  22 +       root_blocks = ext4_r_blocks_count(sbi->s_es);
  23
  24 -       if (!capable(CAP_SYS_RESOURCE) &&
  25 -               sbi->s_resuid != current->fsuid &&
  26 -               (sbi->s_resgid == 0 || !in_group_p(sbi->s_resgid)))
  27 -               root_blocks = ext4_r_blocks_count(sbi->s_es);
  28 +       if (sbi->s_resuid == current->fsuid ||
  29 +           ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
  30 +           capable(CAP_SYS_RESOURCE))
  31 +               root_blocks = 0;
  32  #ifdef CONFIG_SMP
  33         if (free_blocks - root_blocks < FBC_BATCH)
  34                 free_blocks =