Current limitation in Sysvinit


Sysvinit cannot deal directly with kernel security context, such as standard Linux ACLs. So even that small level of security features are not available by default in non-patched Linux systems

There are patches for:
Sysvinit (set inheritable set to all)
Kernel (change init inheritable set directly)

Debian currently does not have any of those patches. Sysvinit should be able to set the inheritable ACL set to something specified by the user