1 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index f42663eaf655..1f74e1d7415f 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -121,6 +121,18 @@ extern struct group_info init_groups;
 #else
 #define INIT_IDS
 #endif
+#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
+/*
+ * Because of the reduced scope of CAP_SETPCAP when filesystem
+ * capabilities are in effect, it is safe to allow CAP_SETPCAP to
+ * be available in the default configuration.
+ */
+# define CAP_INIT_BSET  CAP_FULL_SET
+#else
+# define CAP_INIT_BSET  CAP_INIT_EFF_SET
+#endif
 /*
 *  INIT_TASK is used to set up the first task table, touch at
 * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -156,6 +168,7 @@ extern struct group_info init_groups;
        .cap_effective  = CAP_INIT_EFF_SET,                             \
        .cap_inheritable = CAP_INIT_INH_SET,                            \
        .cap_permitted  = CAP_FULL_SET,                                 \
+        .cap_bset       = CAP_INIT_BSET,                                \
        .keep_capabilities = 0,                                         \
        .user           = INIT_USER,                                    \
        .comm           = "swapper",                                    \

diff --git a/include/linux/init_task.h b/include/linux/init_task.h index f42663eaf655..1f74e1d7415f 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h
@@ -121,6 +121,18 @@ extern struct group_info init_groups;
121	#else	121	#else
122	#define INIT_IDS	122	#define INIT_IDS
123	#endif	123	#endif
		124
		125	#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
		126	/*
		127	* Because of the reduced scope of CAP_SETPCAP when filesystem
		128	* capabilities are in effect, it is safe to allow CAP_SETPCAP to
		129	* be available in the default configuration.
		130	*/
		131	# define CAP_INIT_BSET CAP_FULL_SET
		132	#else
		133	# define CAP_INIT_BSET CAP_INIT_EFF_SET
		134	#endif
		135
124	/*	136	/*
125	* INIT_TASK is used to set up the first task table, touch at	137	* INIT_TASK is used to set up the first task table, touch at
126	* your own risk!. Base=0, limit=0x1fffff (=2MB)	138	* your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -156,6 +168,7 @@ extern struct group_info init_groups;
156	.cap_effective = CAP_INIT_EFF_SET, \	168	.cap_effective = CAP_INIT_EFF_SET, \
157	.cap_inheritable = CAP_INIT_INH_SET, \	169	.cap_inheritable = CAP_INIT_INH_SET, \
158	.cap_permitted = CAP_FULL_SET, \	170	.cap_permitted = CAP_FULL_SET, \
		171	.cap_bset = CAP_INIT_BSET, \
159	.keep_capabilities = 0, \	172	.keep_capabilities = 0, \
160	.user = INIT_USER, \	173	.user = INIT_USER, \
161	.comm = "swapper", \	174	.comm = "swapper", \