From 159f7d2174908b753fce65d054f2f3b946c99301 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Jul 27 2010 17:50:51 +0000
Subject: - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 5ab85b9..069e5b6 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -153,6 +153,44 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
 va_start(ap, fmt);
 rc = vfprintf(stderr, fmt, ap);
 va_end(ap);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c
+--- nsalibselinux/src/get_context_list.c 2010-05-19 14:45:51.000000000 -0400
++++ libselinux-2.0.96/src/get_context_list.c 2010-07-27 13:09:08.000000000 -0400
+@@ -286,7 +286,6 @@
+ if (buf[plen - 1] == '\n')
+ buf[plen - 1] = 0;
+
+- retry:
+ nlen = strlen(user) + 1 + plen + 1;
+ *newcon = malloc(nlen);
+ if (!(*newcon))
+@@ -306,10 +305,6 @@
+ if (security_check_context(*newcon) && errno != ENOENT) {
+ free(*newcon);
+ *newcon = 0;
+- if (strcmp(user, SELINUX_DEFAULTUSER)) {
+- user = SELINUX_DEFAULTUSER;
+- goto retry;
+- }
+ return -1;
+ }
+
+@@ -418,13 +413,8 @@
+
+ /* Determine the set of reachable contexts for the user. */
+ rc = security_compute_user(fromcon, user, &reachable);
+- if (rc < 0) {
+- /* Retry with the default SELinux user identity. */
+- user = SELINUX_DEFAULTUSER;
+- rc = security_compute_user(fromcon, user, &reachable);
+- if (rc < 0)
+- goto failsafe;
+- }
++ if (rc < 0)
++ goto failsafe;
+ nreach = 0;
+ for (ptr = reachable; *ptr; ptr++)
+ nreach++;
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
 --- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
 +++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
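Review bot: The new `if (rc < 0) goto failsafe;` in the `@@ -418,13 +413,8 @@` part of src/get_context_list.c lost its only explanatory comment, so nothing in the new code records that a failed lookup no longer retries with SELINUX_DEFAULTUSER. I would add `/* No retry with SELINUX_DEFAULTUSER: a failure here goes to the failsafe path. */` above that check, and `/* No fallback to SELINUX_DEFAULTUSER: an invalid context is an error. */` above the `return -1;` kept in the `@@ -306,10 +305,6 @@` part. Callers that used to receive the default user's contexts for an identity the policy rejects will presumably get -1 now, so the function's header comment or man page should say so. Both enclosing functions start and end outside the hunk, so how the `failsafe` label uses `user` cannot be confirmed from here.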
@@ -211,7 +249,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.9
 install-rubywrap: rubywrap
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
-+++ libselinux-2.0.96/src/matchpathcon.c 2010-06-16 09:20:34.000000000 -0400
++++ libselinux-2.0.96/src/matchpathcon.c 2010-07-26 14:55:18.000000000 -0400
 @@ -2,6 +2,7 @@
 #include
 #include
diff --git a/libselinux.spec b/libselinux.spec
index 0bc0902..6b6008a 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -7,7 +7,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.96
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@@ -230,6 +230,9 @@ exit 0
 %{ruby_sitearch}/selinux.so
 %changelog
+* Tue Jul 27 2010 Dan Walsh - 2.0.96-4
+- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
+
 * Wed Jul 21 2010 David Malcolm - 2.0.96-3
 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild