capabilities: delete all CAP_INIT macros
The CAP_INIT macros of INH, BSET, and EFF made sense at one point in time, but now days they aren't helping. Just open code the logic in the init_cred. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
5163b583a0
commit
a3232d2fa2
3 changed files with 3 additions and 13 deletions
|
@ -421,9 +421,6 @@ extern const kernel_cap_t __cap_init_eff_set;
|
|||
|
||||
#endif /* _KERNEL_CAPABILITY_U32S != 2 */
|
||||
|
||||
#define CAP_INIT_INH_SET CAP_EMPTY_SET
|
||||
#define CAP_INIT_EFF_SET CAP_FULL_SET
|
||||
|
||||
# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
|
||||
|
||||
#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
|
||||
|
|
|
@ -83,13 +83,6 @@ extern struct group_info init_groups;
|
|||
#define INIT_IDS
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Because of the reduced scope of CAP_SETPCAP when filesystem
|
||||
* capabilities are in effect, it is safe to allow CAP_SETPCAP to
|
||||
* be available in the default configuration.
|
||||
*/
|
||||
# define CAP_INIT_BSET CAP_FULL_SET
|
||||
|
||||
#ifdef CONFIG_RCU_BOOST
|
||||
#define INIT_TASK_RCU_BOOST() \
|
||||
.rcu_boost_mutex = NULL,
|
||||
|
|
|
@ -49,10 +49,10 @@ struct cred init_cred = {
|
|||
.magic = CRED_MAGIC,
|
||||
#endif
|
||||
.securebits = SECUREBITS_DEFAULT,
|
||||
.cap_inheritable = CAP_INIT_INH_SET,
|
||||
.cap_inheritable = CAP_EMPTY_SET,
|
||||
.cap_permitted = CAP_FULL_SET,
|
||||
.cap_effective = CAP_INIT_EFF_SET,
|
||||
.cap_bset = CAP_INIT_BSET,
|
||||
.cap_effective = CAP_FULL_SET,
|
||||
.cap_bset = CAP_FULL_SET,
|
||||
.user = INIT_USER,
|
||||
.group_info = &init_groups,
|
||||
#ifdef CONFIG_KEYS
|
||||
|
|
Loading…
Reference in a new issue