2 files changed, 8 insertions, 6 deletions

diff --git a/security/commoncap.c b/security/commoncap.c
index 399bfdb9e2da..3976613db829 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm)
 	struct vfs_cap_data vcaps;
 	struct inode *inode;
 
-	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {
-		bprm_clear_caps(bprm);
+	bprm_clear_caps(bprm);
+
+	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
 		return 0;
-	}
 
 	dentry = dget(bprm->file->f_dentry);
 	inode = dentry->d_inode;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aedf02b1345a..f3c4bc12fea3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
 	tty = get_current_tty();
 	if (tty) {
 		file_list_lock();
-		file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
-		if (file) {
+		if (!list_empty(&tty->tty_files)) {
+			struct inode *inode;
+
 			/* Revalidate access to controlling tty.
 			   Use inode_has_perm on the tty inode directly rather
 			   than using file_has_perm, as this particular open
 			   file may belong to another process and we are only
 			   interested in the inode-based check here. */
-			struct inode *inode = file->f_path.dentry->d_inode;
+			file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+			inode = file->f_path.dentry->d_inode;
 			if (inode_has_perm(current, inode,
 					   FILE__READ | FILE__WRITE, NULL)) {
 				drop_tty = 1;