aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index f20e984ccfb4..a93b3b733079 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -529,15 +529,10 @@ skip:
529 new->suid = new->fsuid = new->euid; 529 new->suid = new->fsuid = new->euid;
530 new->sgid = new->fsgid = new->egid; 530 new->sgid = new->fsgid = new->egid;
531 531
532 /* For init, we want to retain the capabilities set in the initial 532 if (effective)
533 * task. Thus we skip the usual capability rules 533 new->cap_effective = new->cap_permitted;
534 */ 534 else
535 if (!is_global_init(current)) { 535 cap_clear(new->cap_effective);
536 if (effective)
537 new->cap_effective = new->cap_permitted;
538 else
539 cap_clear(new->cap_effective);
540 }
541 bprm->cap_effective = effective; 536 bprm->cap_effective = effective;
542 537
543 /* 538 /*