cut out an extraneous label configuration reload

- cut down the number of times we load SELinux labeling configuration from
  a minimum of two times to actually one (more of #845125)

krb5-1.10.2-selinux-label.patch

@@ -465,7 +465,7 @@ which we used earlier, is some improvement.
  
 --- krb5/src/util/support/selinux.c
 +++ krb5/src/util/support/selinux.c
-@@ -0,0 +1,402 @@
+@@ -0,0 +1,405 @@
 +/*
 + * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc.  All Rights Reserved.
 + *
@@ -597,7 +597,8 @@ which we used earlier, is some improvement.
 +#endif
 +			configuredsc = NULL;
 +#ifdef HAVE_SELINUX_LABEL_H
-+			if (selabel_ctx != NULL) {
++			if ((selabel_ctx != NULL) ||
++			    (selabel_last_changed == 0)) {
 +				const char *cpath;
 +				struct stat st;
 +				int i = -1;
@@ -605,8 +606,10 @@ which we used earlier, is some improvement.
 +				if ((cpath == NULL) ||
 +				    ((i = stat(cpath, &st)) != 0) ||
 +				    (st.st_mtime != selabel_last_changed)) {
-+					selabel_close(selabel_ctx);
-+					selabel_ctx = NULL;
++					if (selabel_ctx != NULL) {
++						selabel_close(selabel_ctx);
++						selabel_ctx = NULL;
++					}
 +					selabel_last_changed = i ?
 +							       time(NULL) :
 +							       st.st_mtime;

krb5.spec

@@ -29,7 +29,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.10.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -839,6 +839,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Thu Sep  6 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.3-4
+- cut down the number of times we load SELinux labeling configuration from
+  a minimum of two times to actually one (more of #845125)
+
 * Thu Aug 30 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.3-3
 - backport patch to disable replay detection in krb5_verify_init_creds()
   while reading the AP-REQ that's generated in the same function (RT#7229)