From 610584a4f1120a517558b35efacea21270a3df29 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 17 Sep 2018 14:31:33 +0200
Subject: [PATCH] libsemanage-2.8-5 - Include user name in ROLE_REMOVE audit events
---
 libsemanage-fedora.patch | 28 ++++++++++++++++++++++++++++
 libsemanage.spec | 9 ++++++---
 2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/libsemanage-fedora.patch b/libsemanage-fedora.patch
index a2969bb..f96dce8 100644
--- a/libsemanage-fedora.patch
+++ b/libsemanage-fedora.patch
@@ -156,3 +156,31 @@ index f1984c5..58dded6 100644
 return 0;
 cleanup:
+diff --git libsemanage-2.8/src/seusers_local.c libsemanage-2.8/src/seusers_local.c
+index 413ebdd..a79e2d3 100644
+--- libsemanage-2.8/src/seusers_local.c
++++ libsemanage-2.8/src/seusers_local.c
+@@ -71,17 +71,18 @@ static int semanage_seuser_audit(semanage_handle_t * handle,
+ const char *sep = "-";
+ int rc = -1;
+ strcpy(msg, "login");
++ if (previous) {
++ name = semanage_seuser_get_name(previous);
++ psename = semanage_seuser_get_sename(previous);
++ pmls = semanage_seuser_get_mlsrange(previous);
++ proles = semanage_user_roles(handle, psename);
++ }
+ if (seuser) {
+ name = semanage_seuser_get_name(seuser);
+ sename = semanage_seuser_get_sename(seuser);
+ mls = semanage_seuser_get_mlsrange(seuser);
+ roles = semanage_user_roles(handle, sename);
+ }
+- if (previous) {
+- psename = semanage_seuser_get_sename(previous);
+- pmls = semanage_seuser_get_mlsrange(previous);
+- proles = semanage_user_roles(handle, psename);
+- }
+ if (audit_type != AUDIT_ROLE_REMOVE) {
+ if (sename && (!psename || strcmp(psename, sename) != 0)) {
+ strcat(msg,sep);
diff --git a/libsemanage.spec b/libsemanage.spec
index b8b24dd..582998f 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
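Review bot: In the nested seusers_local.c hunk carried by libsemanage-fedora.patch, `name` is now set from `previous` and then overwritten inside `if (seuser)`, so which record names the user in the audit event depends only on the order of the two blocks; a later reorder would silently drop the user name from ROLE_REMOVE events again. A short comment above the moved block would pin this, e.g. `/* previous first: seuser, when set, overrides name; on removal only previous carries it */`. The context lines also build `msg` with `strcpy`/`strcat`, and neither the size of `msg` nor the length bounds of the appended fields are visible here, so it is worth confirming that the buffer is sized for the longest sename, MLS range and role strings. `semanage_seuser_audit` begins and ends outside the hunk.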
@@ -4,14 +4,14 @@ Summary: SELinux binary policy manipulation library
 Name: libsemanage
 Version: 2.8
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: LGPLv2+
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libsemanage-2.8.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.8 ./make-fedora-selinux-patch.sh libsemanage
-# HEAD https://github.com/fedora-selinux/selinux/commit/db1433d3b785eadb4eecf5c82430d57c92855a35
-# Patch1: libsemanage-fedora.patch
+# HEAD https://github.com/fedora-selinux/selinux/commit/23336180581f2ea967f7b3999969013e5917718c
+Patch1: libsemanage-fedora.patch
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -179,6 +179,9 @@ sed -i '1s%\(#! */usr/bin/python\)\([^3].*\|\)$%\13\2%' %{buildroot}%{_libexecdi
 %{_libexecdir}/selinux/semanage_migrate_store
 %changelog
+* Mon Sep 17 2018 Petr Lautrbach - 2.8-5
+- Include user name in ROLE_REMOVE audit events
+
 * Tue Sep 4 2018 Petr Lautrbach - 2.8-4
 - Reset umask before creating directories (#1186422)