Index: libselinux/include/selinux/selinux.h
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v
retrieving revision 1.50
diff -u -p -r1.50 selinux.h
--- libselinux/include/selinux/selinux.h 7 Nov 2005 19:30:36 -0000 1.50
+++ libselinux/include/selinux/selinux.h 8 Nov 2005 19:04:31 -0000
@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in
 /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
 #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
 extern void set_matchpathcon_flags(unsigned int flags);
 /* Load the file contexts configuration specified by 'path'
Index: libselinux/src/matchpathcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v
retrieving revision 1.32
diff -u -p -r1.32 matchpathcon.c
--- libselinux/src/matchpathcon.c 7 Nov 2005 19:30:37 -0000 1.32
+++ libselinux/src/matchpathcon.c 8 Nov 2005 19:08:05 -0000
@@ -570,6 +570,10 @@ static int process_line( const char *pat
 skip_type:
 if (strcmp(context, "<>")) {
 char *tmpcon = NULL;
+
+ if (myflags & MATCHPATHCON_NOTRANS)
+ goto skip_trans;
+
 if (context_translations) {
 if (raw_to_trans_context(context, &tmpcon)) {
 myprintf("%s: line %u has invalid "
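Review bot: In libselinux/src/matchpathcon.c, process_line(), the new `goto skip_trans` skips everything between the flag test and the `skip_trans:` label added in the following hunk (-584,6), and part of that stretch is not shown in the patch, so any non-translation work there is also bypassed when MATCHPATHCON_NOTRANS is set. If the skipped stretch is only the `if (context_translations)` body with no else branch, folding the flag into the existing condition removes the need for a label: `if (context_translations && !(myflags & MATCHPATHCON_NOTRANS)) {`. Either way, a comment at the test such as `/* NOTRANS: context is taken as raw and still validated below */` would record that validation runs on the untranslated string. process_line's body starts and ends outside both hunks.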
@@ -584,6 +588,7 @@ static int process_line( const char *pat
 return -1;
 }
+skip_trans:
 if (myinvalidcon) {
 /* Old-style validation of context. */
 if (myinvalidcon(path, lineno, context))
Index: policycoreutils/setfiles/setfiles.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
retrieving revision 1.38
diff -u -p -r1.38 setfiles.c
--- policycoreutils/setfiles/setfiles.c 7 Nov 2005 19:31:55 -0000 1.38
+++ policycoreutils/setfiles/setfiles.c 8 Nov 2005 19:12:31 -0000
@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
 int valid = 1;
 if (policyfile) {
- char *raw;
- if (selinux_trans_to_raw_context(context, &raw))
- valid = 0;
- if (valid) {
- valid = (sepol_check_context (raw) >= 0);
- freecon(raw);
- }
+ valid = (sepol_check_context (context) >= 0);
 } else if (security_canonicalize_context(context, &tmpcon) < 0) {
 if (errno != ENOENT) {
 valid = 0;
@@ -447,8 +441,9 @@ int main(int argc, char **argv)
 fclose(policystream);
 /* Only process the specified file_contexts file, not
- any .homedirs or .local files. */
- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
+ any .homedirs or .local files, and do not perform
+ context translations. */
+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
 break;
 }
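Review bot: In policycoreutils/setfiles/setfiles.c, canoncon(), the policyfile branch now passes `context` to sepol_check_context() unchanged, which is only correct while every context reaching it is already in raw form. That guarantee appears to come from the MATCHPATHCON_NOTRANS flag set in main() in the last hunk, not from anything visible in canoncon itself. A comment on the call would record the dependency, for example `/* context is raw here: main() sets MATCHPATHCON_NOTRANS when checking against a policy file */`. Without it, a later change that drops the flag or feeds canoncon a translated context would have the label check run on the wrong form of the string. canoncon's body continues outside the hunk.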