diff options
| author | Eric Paris <eparis@redhat.com> | 2011-04-01 17:08:45 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-04-03 20:31:16 -0400 |
| commit | a3232d2fa2e3cbab3e76d91cdae5890fee8a4034 (patch) | |
| tree | de02161b885ceb58b2c807ac6e0a721aabd3470b | |
| parent | 5163b583a036b103c3cec7171d6731c125773ed6 (diff) | |
capabilities: delete all CAP_INIT macros
The CAP_INIT macros of INH, BSET, and EFF made sense at one point in time,
but now days they aren't helping. Just open code the logic in the
init_cred.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | include/linux/capability.h | 3 | ||||
| -rw-r--r-- | include/linux/init_task.h | 7 | ||||
| -rw-r--r-- | kernel/cred.c | 6 |
3 files changed, 3 insertions, 13 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 8d0da30dad23..04fed72809de 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
| @@ -421,9 +421,6 @@ extern const kernel_cap_t __cap_init_eff_set; | |||
| 421 | 421 | ||
| 422 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ | 422 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ |
| 423 | 423 | ||
| 424 | #define CAP_INIT_INH_SET CAP_EMPTY_SET | ||
| 425 | #define CAP_INIT_EFF_SET CAP_FULL_SET | ||
| 426 | |||
| 427 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) | 424 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) |
| 428 | 425 | ||
| 429 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) | 426 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index caa151fbebb7..1f277204de34 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
| @@ -83,13 +83,6 @@ extern struct group_info init_groups; | |||
| 83 | #define INIT_IDS | 83 | #define INIT_IDS |
| 84 | #endif | 84 | #endif |
| 85 | 85 | ||
| 86 | /* | ||
| 87 | * Because of the reduced scope of CAP_SETPCAP when filesystem | ||
| 88 | * capabilities are in effect, it is safe to allow CAP_SETPCAP to | ||
| 89 | * be available in the default configuration. | ||
| 90 | */ | ||
| 91 | # define CAP_INIT_BSET CAP_FULL_SET | ||
| 92 | |||
| 93 | #ifdef CONFIG_RCU_BOOST | 86 | #ifdef CONFIG_RCU_BOOST |
| 94 | #define INIT_TASK_RCU_BOOST() \ | 87 | #define INIT_TASK_RCU_BOOST() \ |
| 95 | .rcu_boost_mutex = NULL, | 88 | .rcu_boost_mutex = NULL, |
diff --git a/kernel/cred.c b/kernel/cred.c index 5557b55048df..b982f0863ae9 100644 --- a/kernel/cred.c +++ b/kernel/cred.c | |||
| @@ -49,10 +49,10 @@ struct cred init_cred = { | |||
| 49 | .magic = CRED_MAGIC, | 49 | .magic = CRED_MAGIC, |
| 50 | #endif | 50 | #endif |
| 51 | .securebits = SECUREBITS_DEFAULT, | 51 | .securebits = SECUREBITS_DEFAULT, |
| 52 | .cap_inheritable = CAP_INIT_INH_SET, | 52 | .cap_inheritable = CAP_EMPTY_SET, |
| 53 | .cap_permitted = CAP_FULL_SET, | 53 | .cap_permitted = CAP_FULL_SET, |
| 54 | .cap_effective = CAP_INIT_EFF_SET, | 54 | .cap_effective = CAP_FULL_SET, |
| 55 | .cap_bset = CAP_INIT_BSET, | 55 | .cap_bset = CAP_FULL_SET, |
| 56 | .user = INIT_USER, | 56 | .user = INIT_USER, |
| 57 | .group_info = &init_groups, | 57 | .group_info = &init_groups, |
| 58 | #ifdef CONFIG_KEYS | 58 | #ifdef CONFIG_KEYS |