diff options
author | Eric Paris <eparis@redhat.com> | 2011-04-01 23:08:28 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-04-04 02:31:06 +0200 |
commit | 4bf2ea77dba76a22f49db3c10773896aaeeb8f66 (patch) | |
tree | a59c1f924c022864f259ed56b6326a35ab2ceee2 /security | |
parent | capabilites: allow the application of capability limits to usermode helpers (diff) | |
download | linux-4bf2ea77dba76a22f49db3c10773896aaeeb8f66.tar.xz linux-4bf2ea77dba76a22f49db3c10773896aaeeb8f66.zip |
capabilities: do not special case exec of init
When the global init task is exec'd we have special case logic to make sure
the pE is not reduced. There is no reason for this. If init wants to drop
it's pE is should be allowed to do so. Remove this special logic.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f20e984ccfb4..a93b3b733079 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -529,15 +529,10 @@ skip: new->suid = new->fsuid = new->euid; new->sgid = new->fsgid = new->egid; - /* For init, we want to retain the capabilities set in the initial - * task. Thus we skip the usual capability rules - */ - if (!is_global_init(current)) { - if (effective) - new->cap_effective = new->cap_permitted; - else - cap_clear(new->cap_effective); - } + if (effective) + new->cap_effective = new->cap_permitted; + else + cap_clear(new->cap_effective); bprm->cap_effective = effective; /* |