rpm/rpm-4.13.0-selinux--permissive-scriptlets.patch

41 lines
1009 B
Diff
Raw Normal View History

From 0d214a17e412bffa00cfede2d884f02ac78b8434 Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Mon, 12 Oct 2015 12:47:45 +0200
Subject: [PATCH] Permit scriptlet exec context setting to fail in
non-enforcing modes
for new code path, too.
See also 9c082fb8689efdaa5a595d3043e67ccec4ed930c
---
plugins/selinux.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugins/selinux.c b/plugins/selinux.c
index ea6853b..2751815 100644
--- a/plugins/selinux.c
+++ b/plugins/selinux.c
@@ -134,9 +134,6 @@ exit:
freecon(fcon);
freecon(mycon);
- /* If selinux is not enforcing, we don't care either */
- if (rc && security_getenforce() < 1)
- rc = RPMRC_OK;
#else
if (sehandle == NULL)
return RPMRC_OK;
@@ -149,6 +146,9 @@ exit:
path, (xx < 0 ? strerror(errno) : ""));
}
#endif
+ /* If selinux is not enforcing, we don't care either */
+ if (rc && security_getenforce() < 1)
+ rc = RPMRC_OK;
return rc;
}
--
2.1.0