capabilities: do not special case exec of init

[~andy/linux] / security / commoncap.c

diff --git a/security/commoncap.c b/security/commoncap.c
index f20e984ccfb459c141222f51791f4b5a3fcab6a9..a93b3b73307991c69738bc0dab712e56330ba932 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -529,15 +529,10 @@ skip:
        new->suid = new->fsuid = new->euid;
        new->sgid = new->fsgid = new->egid;
 
-       /* For init, we want to retain the capabilities set in the initial
-        * task.  Thus we skip the usual capability rules
-        */
-       if (!is_global_init(current)) {
-               if (effective)
-                       new->cap_effective = new->cap_permitted;
-               else
-                       cap_clear(new->cap_effective);
-       }
+       if (effective)
+               new->cap_effective = new->cap_permitted;
+       else
+               cap_clear(new->cap_effective);
        bprm->cap_effective = effective;
 
        /*