1 files changed, 7 insertions, 6 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e6b1b7410321..0c2ac318aa7f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -28,7 +28,8 @@
 #include <linux/kernel.h>
 #include <linux/tracehook.h>
 #include <linux/errno.h>
-#include <linux/sched.h>
+#include <linux/sched/signal.h>
+#include <linux/sched/task.h>
 #include <linux/lsm_hooks.h>
 #include <linux/xattr.h>
 #include <linux/capability.h>
@@ -480,12 +481,13 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
                 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
                 /* Special handling. Genfs but also in-core setxattr handler */
                 !strcmp(sb->s_type->name, "sysfs") ||
-                !strcmp(sb->s_type->name, "cgroup") ||
-                !strcmp(sb->s_type->name, "cgroup2") ||
                 !strcmp(sb->s_type->name, "pstore") ||
                 !strcmp(sb->s_type->name, "debugfs") ||
                 !strcmp(sb->s_type->name, "tracefs") ||
-                !strcmp(sb->s_type->name, "rootfs");
+                !strcmp(sb->s_type->name, "rootfs") ||
+                (selinux_policycap_cgroupseclabel &&
+                 (!strcmp(sb->s_type->name, "cgroup") ||
+                  !strcmp(sb->s_type->name, "cgroup2")));
 }
 
 static int sb_finish_set_opts(struct super_block *sb)
@@ -2399,8 +2401,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 
                 /* Make sure that anyone attempting to ptrace over a task that
                  * changes its SID has the appropriate permit */
-                if (bprm->unsafe &
-                    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
+                if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
                         u32 ptsid = ptrace_parent_sid();
                         if (ptsid != 0) {
                                 rc = avc_has_perm(ptsid, new_tsec->sid,