2 files changed, 8 insertions, 2 deletions

diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 16838ba7ee75..213c61fa3780 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -35,6 +35,13 @@ struct linux_binprm {
 				 * false if not; except for init which inherits
 				 * its parent's caps anyway */
 		/*
+		 * True if most recent call to the commoncaps bprm_set_creds
+		 * hook (due to multiple prepare_binprm() calls from the
+		 * binfmt_script/misc handlers) resulted in elevated
+		 * privileges.
+		 */
+		cap_elevated:1,
+		/*
 		 * Set by bprm_set_creds hook to indicate a privilege-gaining
 		 * exec has happened. Used to sanitize execution environment
 		 * and to set AT_SECURE auxv for glibc.
diff --git a/include/linux/security.h b/include/linux/security.h
index b6ea1dc9cc9d..f89832ccdf55 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -85,7 +85,6 @@ extern int cap_capset(struct cred *new, const struct cred *old,
 		      const kernel_cap_t *inheritable,
 		      const kernel_cap_t *permitted);
 extern int cap_bprm_set_creds(struct linux_binprm *bprm);
-extern int cap_bprm_secureexec(struct linux_binprm *bprm);
 extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
 			      const void *value, size_t size, int flags);
 extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
@@ -543,7 +542,7 @@ static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
 
 static inline int security_bprm_secureexec(struct linux_binprm *bprm)
 {
-	return cap_bprm_secureexec(bprm);
+	return 0;
 }
 
 static inline int security_sb_alloc(struct super_block *sb)