From 7a50a54390a976104deaf29d32b426db719bc5b7 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 3 Sep 2007 12:23:42 +0300
Subject: [PATCH] Sanitize SELinux file context initialization. - do it in a
 single spot inside tsRun() - automatically set RPMTRANS_FLAG_NOCONTEXTS if
 selinux is disabled

---
 lib/rpminstall.c  | 13 -------------
 lib/transaction.c | 18 ++++++++++++++++++
 python/rpmts-py.c | 14 --------------
 3 files changed, 18 insertions(+), 27 deletions(-)

diff --git a/lib/rpminstall.c b/lib/rpminstall.c
index a30feb3..327bb20 100644
--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@@ -308,19 +308,6 @@ int rpmInstall(rpmts ts,
     if (rpmExpandNumeric("%{?_repackage_all_erasures}"))
 	ia->transFlags |= RPMTRANS_FLAG_REPACKAGE;
 
-    /* Initialize security context patterns (if not already done). */
-    if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-	rpmsx sx = rpmtsREContext(ts);
-	if (sx == NULL) {
-	    const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-	    if (fn != NULL && *fn != '\0') {
-		sx = rpmsxNew(fn);
-		(void) rpmtsSetREContext(ts, sx);
-	    }
-	    fn = _free(fn);
-	}
-	sx = rpmsxFree(sx);
-    }
     (void) rpmtsSetFlags(ts, ia->transFlags);
 
     probFilter = ia->probFilter;
diff --git a/lib/transaction.c b/lib/transaction.c
index 41d43e4..6b68ae0 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -1449,6 +1449,24 @@ int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet)
     if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB)
 	(void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers));
 
+    /* if SELinux isn't enabled or init fails, don't bother... */
+    if (!rpmtsSELinuxEnabled(ts)) {
+        rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+    }
+
+    if (!rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) {
+        rpmsx sx = rpmtsREContext(ts);
+        if (sx == NULL) {
+            const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+            if (fn != NULL && *fn != '\0') {
+                sx = rpmsxNew(fn);
+                (void) rpmtsSetREContext(ts, sx);
+            }
+            fn = _free(fn);
+        }
+        sx = rpmsxFree(sx);
+    }
+
     ts->probs = rpmpsFree(ts->probs);
     ts->probs = rpmpsCreate();
 
diff --git a/python/rpmts-py.c b/python/rpmts-py.c
index 5c73faf..d38573d 100644
--- a/python/rpmts-py.c
+++ b/python/rpmts-py.c
@@ -1186,20 +1186,6 @@ rpmts_Run(rpmtsObject * s, PyObject * args, PyObject * kwds)
 	(void) rpmtsSetNotifyCallback(s->ts, rpmtsCallback, (void *) &cbInfo);
     }
 
-    /* Initialize security context patterns (if not already done). */
-    if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-	rpmsx sx = rpmtsREContext(s->ts);
-	if (sx == NULL) {
-	    const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-	    if (fn != NULL && *fn != '\0') {
-		sx = rpmsxNew(fn);
-		(void) rpmtsSetREContext(s->ts, sx);
-	    }
-	    fn = _free(fn);
-	}
-	sx = rpmsxFree(sx);
-    } 
-
 if (_rpmts_debug)
 fprintf(stderr, "*** rpmts_Run(%p) ts %p ignore %x\n", s, s->ts, s->ignoreSet);
 
-- 
2.7.4