Apply libselinux patch to handle large groups in seusers.

libselinux-rhat.patch

@@ -317,3 +317,48 @@ index 5914afa..df83b30 100644
  	va_end(ap);
  }
  
+diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
+index fc75cb6..b653cad 100644
+--- a/libselinux/src/seusers.c
++++ b/libselinux/src/seusers.c
+@@ -5,6 +5,7 @@
+ #include <stdio.h>
+ #include <stdio_ext.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <selinux/selinux.h>
+ #include <selinux/context.h>
+ #include "selinux_internal.h"
+@@ -118,13 +119,26 @@ static int check_group(const char *group, const char *name, const gid_t gid) {
+ 	long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ 	if (rbuflen <= 0)
+ 		return 0;
+-	char *rbuf = malloc(rbuflen);
+-	if (rbuf == NULL)
+-		return 0;
++	char *rbuf;
+ 
+-	if (getgrnam_r(group, &gbuf, rbuf, rbuflen, 
+-		       &grent) != 0)
+-		goto done;
++	while(1) {
++		rbuf = malloc(rbuflen);
++		if (rbuf == NULL)
++			return 0;
++		int retval = getgrnam_r(group, &gbuf, rbuf, 
++				rbuflen, &grent);
++		if ( retval == ERANGE )
++		{
++			free(rbuf);
++			rbuflen = rbuflen * 2;
++		} else if ( retval != 0 || grent == NULL )
++		{
++			goto done;
++		} else
++		{
++			break;
++		}
++	}
+ 
+ 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
+ 		groups = (gid_t *) malloc(sizeof (gid_t) * ng);

libselinux.spec

@@ -7,7 +7,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -231,6 +231,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-4
+- Apply libselinux patch to handle large groups in seusers.
+
 * Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
 - Add selinux_check_access function. Needed for passwd, chfn, chsh