From d27223b4c79bc27a7c00c17d7b0bafb47214f074 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 14 Jun 2010 15:09:15 -0400
Subject: [PATCH] Call selinux_restore_tty() as part of cleanup() so it gets
 called from error()/errorx()

---
 src/exec_pty.c |  3 +++
 src/selinux.c  | 10 +++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/exec_pty.c b/src/exec_pty.c
index 9e960f55d..232da0654 100644
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
@@ -121,6 +121,9 @@ cleanup(int gotsignal)
 {
     if (!tq_empty(&io_plugins))
 	term_restore(io_fds[SFD_USERTTY], 0);
+#ifdef HAVE_SELINUX
+    selinux_restore_tty();
+#endif
 }
 
 /*
diff --git a/src/selinux.c b/src/selinux.c
index 0c70710ea..3a40d5a3b 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -66,7 +66,6 @@ static struct selinux_state {
  *
  * Returns zero on success, non-zero otherwise
  */
-/* XXX - should also be called as part of cleanup() */
 int
 selinux_restore_tty(void)
 {
@@ -91,9 +90,14 @@ selinux_restore_tty(void)
 	warning("unable to restore context for %s", se_state.ttyn);
 
 skip_relabel:
-    if (se_state.ttyfd != -1)
+    if (se_state.ttyfd != -1) {
 	close(se_state.ttyfd);
-    freecon(chk_tty_context);
+	se_state.ttyfd = -1;
+    }
+    if (chk_tty_context != NULL) {
+	freecon(chk_tty_context);
+	chk_tty_context = NULL;
+    }
     return retval;
 }
 
-- 
2.50.1