From 16a5c7affc451cfc44f7381022e40ed799eb0187 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Tue, 5 Jun 2012 16:24:15 -0400
Subject: [PATCH] back out the recent labeling change, per dwalsh

- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
---
 krb5-1.10.2-selinux-label.patch | 18 ++++++------------
 krb5.spec                       |  7 ++++++-
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/krb5-1.10.2-selinux-label.patch b/krb5-1.10.2-selinux-label.patch
index fd26b3e..448aaec 100644
--- a/krb5-1.10.2-selinux-label.patch
+++ b/krb5-1.10.2-selinux-label.patch
@@ -465,7 +465,7 @@ which we used earlier, is some improvement.
  
 --- krb5/src/util/support/selinux.c
 +++ krb5/src/util/support/selinux.c
-@@ -0,0 +1,379 @@
+@@ -0,0 +1,373 @@
 +/*
 + * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc.  All Rights Reserved.
 + *
@@ -540,7 +540,7 @@ which we used earlier, is some improvement.
 +{
 +	security_context_t previous, configuredsc, currentsc, derivedsc;
 +	context_t current, derived;
-+	const char *fullpath, *currentuser, *currentrange;
++	const char *fullpath, *currentuser;
 +#ifdef HAVE_SELINUX_LABEL_H
 +	struct selabel_handle *ctx;
 +#endif
@@ -624,16 +624,10 @@ which we used earlier, is some improvement.
 +						if (currentuser != NULL) {
 +							if (context_user_set(derived,
 +									     currentuser) == 0) {
-+								currentrange = context_range_get(current);
-+								if (currentrange != NULL) {
-+									if (context_range_set(derived,
-+											      currentrange) == 0) {
-+										derivedsc = context_str(derived);
-+										if (derivedsc != NULL) {
-+											freecon(configuredsc);
-+											configuredsc = strdup(derivedsc);
-+										}
-+									}
++								derivedsc = context_str(derived);
++								if (derivedsc != NULL) {
++									freecon(configuredsc);
++									configuredsc = strdup(derivedsc);
 +								}
 +							}
 +						}
diff --git a/krb5.spec b/krb5.spec
index 8b22c8e..3da0936 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -20,7 +20,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.10.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -753,6 +753,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Tue Jun  5 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-2
+- back out this labeling change (dwalsh):
+  - when building the new label for a file we're about to create, also mix
+    in the current range, in addition to the current user
+
 * Fri Jun  1 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-1
 - update to 1.10.2
   - when building the new label for a file we're about to create, also mix