From d0c63cc60490f6a1b4354e7c9e777c63b23fba31 Mon Sep 17 00:00:00 2001
From: mmaslano
Date: Fri, 17 Aug 2007 15:10:36 +0200
Subject: [PATCH] Selinux: Instead of getting context and then the username is used function getuserbyname.
---
 user.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/user.c b/user.c
index 923cca8..d8d41c0 100644
--- a/user.c
+++ b/user.c
@@ -44,15 +44,26 @@ static int get_security_context(const char *name,
 security_context_t file_context=NULL;
 struct av_decision avd;
 int retval=0;
+ char *seuser=NULL;
+ char *level=NULL;
 *rcontext = NULL;
- if (get_default_context(name, NULL, &scontext)) {
- if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context",tabname);
- return -1;
- } else {
- log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
- return 0;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &scontext);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce() > 0) {
+ log_it(name, getpid(), "No SELinux security context",tabname);
+ return -1;
+ } else {
+ log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+ return 0;
+ }
 }
+ } else {
+ log_it(name, getpid(), "getseusername FAILED", name);
+ return (security_getenforce() > 0);
 }
 if (fgetfilecon(crontab_fd, &file_context) < OK) {
--
2.40.0
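Review bot: The new `else` branch returns `(security_getenforce() > 0)`, which is 1 in enforcing mode, while the other failure path in this hunk signals the same condition with `return -1`. If any caller tests the result with `< 0` (callers are outside this hunk, so this needs checking), a failed `getseuserbyname()` lookup would be treated as success under enforcing mode; `return (security_getenforce() > 0) ? -1 : 0;` keeps one convention. Note also that `security_getenforce()` returns -1 on error, so every `> 0` test here takes the permissive path when the enforcing state cannot be read; treating a negative result as enforcing would fail closed. The log call in the same branch passes `name` where the other calls pass `tabname`, and it misspells the function, so `log_it(name, getpid(), "getseuserbyname FAILED", tabname);` looks like the intended line. The body of `get_security_context` starts and ends outside the hunk.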