Safer version of upstream commit a996031c87e093017c0763326a08896a3a4817f4

Delay capable() checks to avoid (most) AVC denials when checking free blocks
(Bug 478299 -  AVC denials on kernel 2.6.27.9-159.fc10.x86_64)

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---

Index: linux-2.6.27.y/fs/ext4/balloc.c
===================================================================
--- linux-2.6.27.y.orig/fs/ext4/balloc.c
+++ linux-2.6.27.y/fs/ext4/balloc.c
@@ -1770,15 +1770,15 @@ out:
 ext4_fsblk_t ext4_has_free_blocks(struct ext4_sb_info *sbi,
 						ext4_fsblk_t nblocks)
 {
-	ext4_fsblk_t free_blocks;
-	ext4_fsblk_t root_blocks = 0;
+	ext4_fsblk_t free_blocks, root_blocks;
 
 	free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
+	root_blocks = ext4_r_blocks_count(sbi->s_es);
 
-	if (!capable(CAP_SYS_RESOURCE) &&
-		sbi->s_resuid != current->fsuid &&
-		(sbi->s_resgid == 0 || !in_group_p(sbi->s_resgid)))
-		root_blocks = ext4_r_blocks_count(sbi->s_es);
+	if (sbi->s_resuid == current->fsuid ||
+	    ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
+	    capable(CAP_SYS_RESOURCE))
+		root_blocks = 0;
 #ifdef CONFIG_SMP
 	if (free_blocks - root_blocks < FBC_BATCH)
 		free_blocks =