base/SOURCES/cronie-1.4.11-selinux-user....

diff -up cronie-1.4.11/src/security.c.selinux-user cronie-1.4.11/src/security.c
--- cronie-1.4.11/src/security.c.selinux-user	2017-03-07 13:52:23.076462218 +0100
+++ cronie-1.4.11/src/security.c	2017-03-07 14:47:32.957371610 +0100
@@ -41,8 +41,6 @@
 #ifdef WITH_SELINUX
 # include <selinux/selinux.h>
 # include <selinux/context.h>
-# include <selinux/flask.h>
-# include <selinux/av_permissions.h>
 # include <selinux/get_context_list.h>
 #endif
 
@@ -476,7 +474,9 @@ get_security_context(const char *name, i
 	security_context_t scontext = NULL;
 	security_context_t file_context = NULL;
 	security_context_t rawcontext=NULL;
-	int retval = 0;
+	context_t current_context = NULL;
+	int retval;
+	char *current_context_str = NULL;
 	char *seuser = NULL;
 	char *level = NULL;
 
@@ -490,10 +490,29 @@ get_security_context(const char *name, i
 			log_it(name, getpid(), "getseuserbyname FAILED", name, 0);
 			return (security_getenforce() > 0);
 		}
+
+		retval = get_default_context_with_level(seuser, level, NULL, &scontext);
+	}
+	else {
+		if (getcon(&current_context_str) < 0) {
+			log_it(name, getpid(), "getcon FAILED", "", 0);
+			return (security_getenforce() > 0);
+		}
+
+		current_context = context_new(current_context_str);
+		if (current_context == NULL) {
+			log_it(name, getpid(), "context_new FAILED", current_context_str, 0);
+			freecon(current_context_str);
+			return (security_getenforce() > 0);
+		}
+
+		const char *current_user = context_user_get(current_context);
+		retval = get_default_context_with_level(current_user, level, NULL, &scontext);
+
+		freecon(current_context_str);
+		context_free(current_context);
 	}
 
-	retval = get_default_context_with_level(name == NULL ? "system_u" : seuser,
-		level, NULL, &scontext);
 	if (selinux_trans_to_raw_context(scontext, &rawcontext) == 0) {
 		freecon(scontext);
 		scontext = rawcontext;
cronie package update Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org> 6 years ago			`diff -up cronie-1.4.11/src/security.c.selinux-user cronie-1.4.11/src/security.c`
			`--- cronie-1.4.11/src/security.c.selinux-user 2017-03-07 13:52:23.076462218 +0100`
			`+++ cronie-1.4.11/src/security.c 2017-03-07 14:47:32.957371610 +0100`
			`@@ -41,8 +41,6 @@`
			`#ifdef WITH_SELINUX`
			`# include <selinux/selinux.h>`
			`# include <selinux/context.h>`
			`-# include <selinux/flask.h>`
			`-# include <selinux/av_permissions.h>`
			`# include <selinux/get_context_list.h>`
			`#endif`

			`@@ -476,7 +474,9 @@ get_security_context(const char *name, i`
			`security_context_t scontext = NULL;`
			`security_context_t file_context = NULL;`
			`security_context_t rawcontext=NULL;`
			`- int retval = 0;`
			`+ context_t current_context = NULL;`
			`+ int retval;`
			`+ char *current_context_str = NULL;`
			`char *seuser = NULL;`
			`char *level = NULL;`

			`@@ -490,10 +490,29 @@ get_security_context(const char *name, i`
			`log_it(name, getpid(), "getseuserbyname FAILED", name, 0);`
			`return (security_getenforce() > 0);`
			`}`
			`+`
			`+ retval = get_default_context_with_level(seuser, level, NULL, &scontext);`
			`+ }`
			`+ else {`
			`+ if (getcon(&current_context_str) < 0) {`
			`+ log_it(name, getpid(), "getcon FAILED", "", 0);`
			`+ return (security_getenforce() > 0);`
			`+ }`
			`+`
			`+ current_context = context_new(current_context_str);`
			`+ if (current_context == NULL) {`
			`+ log_it(name, getpid(), "context_new FAILED", current_context_str, 0);`
			`+ freecon(current_context_str);`
			`+ return (security_getenforce() > 0);`
			`+ }`
			`+`
			`+ const char *current_user = context_user_get(current_context);`
			`+ retval = get_default_context_with_level(current_user, level, NULL, &scontext);`
			`+`
			`+ freecon(current_context_str);`
			`+ context_free(current_context);`
			`}`

			`- retval = get_default_context_with_level(name == NULL ? "system_u" : seuser,`
			`- level, NULL, &scontext);`
			`if (selinux_trans_to_raw_context(scontext, &rawcontext) == 0) {`
			`freecon(scontext);`
			`scontext = rawcontext;`