From afbe0c7d6d6bfe7b59a2b38f941616c911ca607d Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Jan 21 2019 19:47:07 +0000 Subject: libselinux-2.8-6 - selinux_restorecon: Skip customized files also without -v - Do not dereference symlink with statfs in selinux_restorecon
---
diff --git a/libselinux-fedora.patch b/libselinux-fedora.patch
index 072e5c9..3930377 100644
--- a/libselinux-fedora.patch
+++ b/libselinux-fedora.patch
@@ -373,7 +373,7 @@ index 292728f..b06cb63 100644
 for (i = 0; i < NEL; i++)
 diff --git libselinux-2.8/src/selinux_restorecon.c libselinux-2.8/src/selinux_restorecon.c
-index ced4115..8714a70 100644
+index ced4115..1e9a978 100644
 --- libselinux-2.8/src/selinux_restorecon.c
 +++ libselinux-2.8/src/selinux_restorecon.c
 @@ -350,12 +350,19 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
@@ -398,6 +398,16 @@ index ced4115..8714a70 100644
 new_entry->result = digest_result;
+@@ -671,8 +678,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
+ selinux_log(SELINUX_INFO,
+ "%s not reset as customized by admin to %s\n",
+ pathname, curcon);
+- goto out;
+ }
++ goto out;
+ }
+
+ if (!flags->set_specctx && curcon) {
 @@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig,
 if (lstat(pathname, &sb) < 0) {
@@ -406,6 +416,15 @@ index ced4115..8714a70 100644
 free(pathdnamer);
 free(pathname);
 return 0;
+@@ -880,7 +888,7 @@ int selinux_restorecon(const char *pathname_orig,
+ setrestoreconlast = false;
+
+ /* Ignore restoreconlast on in-memory filesystems */
+- if (statfs(pathname, &sfsb) == 0) {
++ if (setrestoreconlast && statfs(pathname, &sfsb) == 0) {
+ if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC)
+ setrestoreconlast = false;
+ }
 diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c
 index d05969c..3f0200e 100644
 --- libselinux-2.8/src/setfilecon.c
diff --git a/libselinux.spec b/libselinux.spec
index a7980c8..156a041 100644
--- a/libselinux.spec
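Review bot: The relocated `goto out;` in restorecon_sb now sits directly below the closing brace of the logging block with no comment saying why it must stay outside it, which is the placement that went wrong before: whether an admin-customized context is preserved should never depend on a logging flag. I would add a line above it such as `/* Skip customized files regardless of verbosity; only the message is optional. */`. The enclosing condition and the `out:` label are outside the hunk, so the value returned on this path cannot be checked from here and is worth confirming. A regression test that runs without verbose output on a customized context would pin the behaviour.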
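Review bot: The new guard `setrestoreconlast && statfs(pathname, &sfsb) == 0` avoids the symlink dereference only indirectly, because statfs() still follows links and the protection rests on setrestoreconlast having been cleared for such paths in code above the hunk, which is not visible here. A comment stating that invariant would keep a later edit from reintroducing the call on a link, e.g. `/* statfs() follows symlinks: call it only while setrestoreconlast is still set */`. The check is also path-based and runs after the earlier `lstat(pathname, &sb)` in the same function, so the object behind pathname can change between the two calls; if callers relabel trees that untrusted users can write to, fstatfs() on a descriptor opened with O_NOFOLLOW would close that gap. A failing statfs() leaves setrestoreconlast set, which looks deliberate but deserves a word in the comment.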
+++ b/libselinux.spec
@@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.8
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz
@@ -14,7 +14,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux
-# HEAD https://github.com/fedora-selinux/selinux/commit/decd49caec76a87817686f84716503151cf2be5d
+# HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247
 Patch1: libselinux-fedora.patch
 BuildRequires: gcc
 BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@@ -229,6 +229,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 %changelog
+* Mon Jan 21 2019 Petr Lautrbach - 2.8-6
+- selinux_restorecon: Skip customized files also without -v
+- Do not dereference symlink with statfs in selinux_restorecon
+
 * Tue Nov 13 2018 Petr Lautrbach - 2.8-5
 - Fix RESOURCE_LEAK coverity scan defects