capabilities: delete all CAP_INIT macros

The CAP_INIT macros of INH, BSET, and EFF made sense at one point in time, but now days they aren't helping. Just open code the logic in the init_cred. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

capabilities: delete all CAP_INIT macros
The CAP_INIT macros of INH, BSET, and EFF made sense at one point in time, but now days they aren't helping. Just open code the logic in the init_cred. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris · James Morris
1 parent 5163b583a0
Showing 3 changed files with 3 additions and 13 deletions Side-by-side Diff
include/linux/capability.h
include/linux/init_task.h
kernel/cred.c
@@ -421,9 +421,6 @@
  
 #endif /* _KERNEL_CAPABILITY_U32S != 2 */
  
-#define CAP_INIT_INH_SET    CAP_EMPTY_SET
-#define CAP_INIT_EFF_SET    CAP_FULL_SET
-
 # define cap_clear(c)         do { (c) = __cap_empty_set; } while (0)
  
 #define cap_raise(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
@@ -83,13 +83,6 @@
 #define INIT_IDS
 #endif
  
-/*
- * Because of the reduced scope of CAP_SETPCAP when filesystem
- * capabilities are in effect, it is safe to allow CAP_SETPCAP to
- * be available in the default configuration.
- */
-# define CAP_INIT_BSET  CAP_FULL_SET
-
 #ifdef CONFIG_RCU_BOOST
 #define INIT_TASK_RCU_BOOST()						\
 	.rcu_boost_mutex = NULL,
@@ -49,10 +49,10 @@
 	.magic			= CRED_MAGIC,
 #endif
 	.securebits		= SECUREBITS_DEFAULT,
-	.cap_inheritable	= CAP_INIT_INH_SET,
+	.cap_inheritable	= CAP_EMPTY_SET,
 	.cap_permitted		= CAP_FULL_SET,
-	.cap_effective		= CAP_INIT_EFF_SET,
-	.cap_bset		= CAP_INIT_BSET,
+	.cap_effective		= CAP_FULL_SET,
+	.cap_bset		= CAP_FULL_SET,
 	.user			= INIT_USER,
 	.group_info		= &init_groups,
 #ifdef CONFIG_KEYS
...	...	@@ -421,9 +421,6 @@
421	421
422	422	#endif /* _KERNEL_CAPABILITY_U32S != 2 */
423	423
424		-#define CAP_INIT_INH_SET CAP_EMPTY_SET
425		-#define CAP_INIT_EFF_SET CAP_FULL_SET
426		-
427	424	# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
428	425
429	426	#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] \|= CAP_TO_MASK(flag))
...	...	@@ -83,13 +83,6 @@
83	83	#define INIT_IDS
84	84	#endif
85	85
86		-/*
87		- * Because of the reduced scope of CAP_SETPCAP when filesystem
88		- * capabilities are in effect, it is safe to allow CAP_SETPCAP to
89		- * be available in the default configuration.
90		- */
91		-# define CAP_INIT_BSET CAP_FULL_SET
92		-
93	86	#ifdef CONFIG_RCU_BOOST
94	87	#define INIT_TASK_RCU_BOOST() \
95	88	.rcu_boost_mutex = NULL,
...	...	@@ -49,10 +49,10 @@
49	49	.magic = CRED_MAGIC,
50	50	#endif
51	51	.securebits = SECUREBITS_DEFAULT,
52		- .cap_inheritable = CAP_INIT_INH_SET,
	52	+ .cap_inheritable = CAP_EMPTY_SET,
53	53	.cap_permitted = CAP_FULL_SET,
54		- .cap_effective = CAP_INIT_EFF_SET,
55		- .cap_bset = CAP_INIT_BSET,
	54	+ .cap_effective = CAP_FULL_SET,
	55	+ .cap_bset = CAP_FULL_SET,
56	56	.user = INIT_USER,
57	57	.group_info = &init_groups,
58	58	#ifdef CONFIG_KEYS