f2fs: avoid selinux denial on CAP_SYS_RESOURCE

This fixes CAP_SYS_RESOURCE denial of selinux when using resgid, since it seems selinux reports it at the first place, but mostly we don't need to check this condition first. Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
author: Jaegeuk Kim <jaegeuk@kernel.org> 2018-03-08 20:47:33 -0800
committer: Jaegeuk Kim <jaegeuk@kernel.org> 2018-04-08 03:51:09 -0700
commit: 6c6611223a79ead8030efbe3443f870c0f11540f (patch)
tree: 7375f0c77160be308705ebf966f9f885612d1cb5
parent: 076a6f32fe5d2d8c43f44e625c67d796eeb8f1ed (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index e3bfecf7852b..3e05162bbeb7 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1671,13 +1671,13 @@ static inline bool __allow_reserved_blocks(struct f2fs_sb_info *sbi,
 		return false;
 	if (IS_NOQUOTA(inode))
 		return true;
-	if (capable(CAP_SYS_RESOURCE))
-		return true;
 	if (uid_eq(sbi->s_resuid, current_fsuid()))
 		return true;
 	if (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) &&
 					in_group_p(sbi->s_resgid))
 		return true;
+	if (capable(CAP_SYS_RESOURCE))
+		return true;
 	return false;
 }
author	Jaegeuk Kim <jaegeuk@kernel.org>	2018-03-08 20:47:33 -0800
committer	Jaegeuk Kim <jaegeuk@kernel.org>	2018-04-08 03:51:09 -0700
commit	6c6611223a79ead8030efbe3443f870c0f11540f (patch)
tree	7375f0c77160be308705ebf966f9f885612d1cb5
parent	076a6f32fe5d2d8c43f44e625c67d796eeb8f1ed (diff)