diff -up cronie-1.4.11/src/security.c.selinux-user cronie-1.4.11/src/security.c
--- cronie-1.4.11/src/security.c.selinux-user 2017-03-07 13:52:23.076462218 +0100
+++ cronie-1.4.11/src/security.c 2017-03-07 14:47:32.957371610 +0100
@@ -41,8 +41,6 @@
 #ifdef WITH_SELINUX
 # include
 # include
-# include
-# include
 # include
 #endif
@@ -476,7 +474,9 @@ get_security_context(const char *name, i
 security_context_t scontext = NULL;
 security_context_t file_context = NULL;
 security_context_t rawcontext=NULL;
- int retval = 0;
+ context_t current_context = NULL;
+ int retval;
+ char *current_context_str = NULL;
 char *seuser = NULL;
 char *level = NULL;
@@ -490,10 +490,29 @@ get_security_context(const char *name, i
 log_it(name, getpid(), "getseuserbyname FAILED", name, 0);
 return (security_getenforce() > 0);
 }
+
+ retval = get_default_context_with_level(seuser, level, NULL, &scontext);
+ }
+ else {
+ if (getcon(¤t_context_str) < 0) {
+ log_it(name, getpid(), "getcon FAILED", "", 0);
+ return (security_getenforce() > 0);
+ }
+
+ current_context = context_new(current_context_str);
+ if (current_context == NULL) {
+ log_it(name, getpid(), "context_new FAILED", current_context_str, 0);
+ freecon(current_context_str);
+ return (security_getenforce() > 0);
+ }
+
+ const char *current_user = context_user_get(current_context);
+ retval = get_default_context_with_level(current_user, level, NULL, &scontext);
+
+ freecon(current_context_str);
+ context_free(current_context);
 }
- retval = get_default_context_with_level(name == NULL ? "system_u" : seuser,
- level, NULL, &scontext);
 if (selinux_trans_to_raw_context(scontext, &rawcontext) == 0) {
 freecon(scontext);
 scontext = rawcontext;
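Review bot: Both new `log_it(name, ...)` calls in the added `else` branch appear to run with `name == NULL`; the removed line `name == NULL ? "system_u" : seuser` suggests this branch is the NULL-name case, although the `if` condition itself lies outside the hunk. Whether log_it tolerates a NULL user name is not visible here, so passing a fixed label, e.g. `log_it("(system)", getpid(), "getcon FAILED", "", 0);` (the label is an illustrative placeholder), would avoid depending on that. Separately, `return (security_getenforce() > 0);` treats a failed security_getenforce() (which returns -1) the same as permissive mode, so these two new paths return 0 without `scontext` having been set; if callers rely on the result to pick the job's context, failing closed on a negative return would be safer. get_security_context continues beyond the hunk, so the later handling of `retval` cannot be checked from here.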