selinux: Allow init exec ksud under nosuid

ethicalfighter56 · Nov 12, 2024 · 13f75ba · 13f75ba
1 parent 5961ddb
commit 13f75ba
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -2430,12 +2430,17 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
 			    const struct task_security_struct *old_tsec,
 			    const struct task_security_struct *new_tsec)
 {
+#ifdef CONFIG_KSU
 	static u32 ksu_sid;
 	char *secdata;
+#endif
 	int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
 	int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
-	int rc,error;
+	int rc;
+#ifdef CONFIG_KSU
+	int error;
 	u32 seclen;
+#endif
 	u32 av;
 
 	if (!nnp && !nosuid)
@@ -2444,6 +2449,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
 	if (new_tsec->sid == old_tsec->sid)
 		return 0; /* No change in credentials */
 
+#ifdef CONFIG_KSU
 	if(!ksu_sid){
 		security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid);
 	}
@@ -2455,6 +2461,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
 			return 0;
 		}
 	}
+#endif
 
 	/*
 	 * If the policy enables the nnp_nosuid_transition policy capability,