capabilities: delete all CAP_INIT macros
The CAP_INIT macros of INH, BSET, and EFF made sense at one point in time,
but now days they aren't helping. Just open code the logic in the
init_cred.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 8d0da30..04fed72 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -421,9 +421,6 @@
#endif /* _KERNEL_CAPABILITY_U32S != 2 */
-#define CAP_INIT_INH_SET CAP_EMPTY_SET
-#define CAP_INIT_EFF_SET CAP_FULL_SET
-
# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index caa151f..1f27720 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -83,13 +83,6 @@
#define INIT_IDS
#endif
-/*
- * Because of the reduced scope of CAP_SETPCAP when filesystem
- * capabilities are in effect, it is safe to allow CAP_SETPCAP to
- * be available in the default configuration.
- */
-# define CAP_INIT_BSET CAP_FULL_SET
-
#ifdef CONFIG_RCU_BOOST
#define INIT_TASK_RCU_BOOST() \
.rcu_boost_mutex = NULL,
diff --git a/kernel/cred.c b/kernel/cred.c
index 5557b55..b982f08 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -49,10 +49,10 @@
.magic = CRED_MAGIC,
#endif
.securebits = SECUREBITS_DEFAULT,
- .cap_inheritable = CAP_INIT_INH_SET,
+ .cap_inheritable = CAP_EMPTY_SET,
.cap_permitted = CAP_FULL_SET,
- .cap_effective = CAP_INIT_EFF_SET,
- .cap_bset = CAP_INIT_BSET,
+ .cap_effective = CAP_FULL_SET,
+ .cap_bset = CAP_FULL_SET,
.user = INIT_USER,
.group_info = &init_groups,
#ifdef CONFIG_KEYS