diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f20e984ccfb4..a93b3b733079 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -529,15 +529,10 @@ skip: | |||
529 | new->suid = new->fsuid = new->euid; | 529 | new->suid = new->fsuid = new->euid; |
530 | new->sgid = new->fsgid = new->egid; | 530 | new->sgid = new->fsgid = new->egid; |
531 | 531 | ||
532 | /* For init, we want to retain the capabilities set in the initial | 532 | if (effective) |
533 | * task. Thus we skip the usual capability rules | 533 | new->cap_effective = new->cap_permitted; |
534 | */ | 534 | else |
535 | if (!is_global_init(current)) { | 535 | cap_clear(new->cap_effective); |
536 | if (effective) | ||
537 | new->cap_effective = new->cap_permitted; | ||
538 | else | ||
539 | cap_clear(new->cap_effective); | ||
540 | } | ||
541 | bprm->cap_effective = effective; | 536 | bprm->cap_effective = effective; |
542 | 537 | ||
543 | /* | 538 | /* |