Add Eric Paris patch to fix procattr calls after a fork.

libselinux-rhat.patch

@@ -695,14 +695,86 @@ index 2d7369e..2a00807 100644
  }
  
 diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 6c5b45a..0a0dd3e 100644
+index 6c5b45a..f6b896e 100644
 --- a/libselinux/src/procattr.c
 +++ b/libselinux/src/procattr.c
-@@ -257,6 +257,7 @@ out:
+@@ -9,13 +9,15 @@
+ #include "selinux_internal.h"
+ #include "policy.h"
+ 
++#define UNSET (const security_context_t) -1
++
+ static __thread pid_t cpid;
+ static __thread pid_t tid;
+-static __thread security_context_t prev_current;
+-static __thread security_context_t prev_exec;
+-static __thread security_context_t prev_fscreate;
+-static __thread security_context_t prev_keycreate;
+-static __thread security_context_t prev_sockcreate;
++static __thread security_context_t prev_current = UNSET;
++static __thread security_context_t prev_exec = UNSET;
++static __thread security_context_t prev_fscreate = UNSET;
++static __thread security_context_t prev_keycreate = UNSET;
++static __thread security_context_t prev_sockcreate = UNSET;
+ 
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+ static pthread_key_t destructor_key;
+@@ -29,11 +31,16 @@ static pid_t gettid(void)
+ 
+ static void procattr_thread_destructor(void __attribute__((unused)) *unused)
+ {
+-	free(prev_current);
+-	free(prev_exec);
+-	free(prev_fscreate);
+-	free(prev_keycreate);
+-	free(prev_sockcreate);
++	if (prev_current != UNSET)
++		free(prev_current);
++	if (prev_exec != UNSET)
++		free(prev_exec);
++	if (prev_fscreate != UNSET)
++		free(prev_fscreate);
++	if (prev_keycreate != UNSET)
++		free(prev_keycreate);
++	if (prev_sockcreate != UNSET)
++		free(prev_sockcreate);
+ }
+ 
+ static void free_procattr(void)
+@@ -41,7 +48,7 @@ static void free_procattr(void)
+ 	procattr_thread_destructor(NULL);
+ 	tid = 0;
+ 	cpid = getpid();
+-	prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
++	prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
+ }
+ 
+ void __attribute__((destructor)) procattr_destructor(void);
+@@ -131,7 +138,7 @@ static int getprocattrcon_raw(security_context_t * context,
+ 			return -1;
+ 	};
+ 
+-	if (prev_context) {
++	if (prev_context && prev_context != UNSET) {
+ 		*context = strdup(prev_context);
+ 		if (!(*context)) {
+ 			return -1;
+@@ -230,7 +237,8 @@ static int setprocattrcon_raw(security_context_t context,
+ 
+ 	if (!context && !*prev_context)
+ 		return 0;
+-	if (context && *prev_context && !strcmp(context, *prev_context))
++	if (context && *prev_context && *prev_context != UNSET 
++	    && !strcmp(context, *prev_context))
+ 		return 0;
+ 
+ 	fd = openattr(pid, attr, O_RDWR);
+@@ -257,6 +265,8 @@ out:
  		free(context);
  		return -1;
  	} else {
-+		free(*prev_context);
++		if (*prev_context != UNSET)
++			free(*prev_context);
  		*prev_context = context;
  		return 0;
  	}

libselinux.spec

@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.13
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Tue Apr 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-13
+- Add Eric Paris patch to fix procattr calls after a fork.
+
 * Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12
 - Move secolor.conf.5 into mcstrans package and out of libselinux