Make setfcontext_compile atomic

libselinux-rhat.patch

@@ -489,3 +489,50 @@ index a801ee8..b3bdca2 100644
  
  #define RAW_TO_TRANS_CONTEXT		2
  #define TRANS_TO_RAW_CONTEXT		3
+diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
+index 6f79dd6..eb88ea8 100644
+--- a/libselinux/utils/sefcontext_compile.c
++++ b/libselinux/utils/sefcontext_compile.c
+@@ -6,6 +6,7 @@
+ #include <string.h>
+ 
+ #include <linux/limits.h>
++#include <libgen.h>
+ 
+ #include "../src/label_file.h"
+ 
+@@ -321,7 +322,8 @@ int main(int argc, char *argv[])
+ 	const char *path;
+ 	char stack_path[PATH_MAX + 1];
+ 	int rc;
+-
++	char *tmp, *tmppath;
++	
+ 	if (argc != 2) {
+ 		fprintf(stderr, "usage: %s input_file\n", argv[0]);
+ 		exit(EXIT_FAILURE);
+@@ -342,10 +344,21 @@ int main(int argc, char *argv[])
+ 	rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path);
+ 	if (rc < 0 || rc >= sizeof(stack_path))
+ 		return rc;
+-	rc = write_binary_file(&data, stack_path);
+-	if (rc < 0)
+-		return rc;
+ 
++	tmppath = strdup(stack_path);
++	if (!tmppath) 
++		return -1;
++	tmp = tempnam(dirname(tmppath), ".bin");
++	free(tmppath);
++	if (!tmp) 
++		return -1;
++	rc = write_binary_file(&data, tmp);
++	if (rc < 0) {
++		free(tmp);
++		return rc;
++	}
++	rename(tmp, stack_path);
++	free(tmp);
+ 	rc = free_specs(&data);
+ 	if (rc < 0)
+ 		return rc;

libselinux.spec

@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.13
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-8
+- Make setfcontext_compile atomic
+
 * Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-7
 - Fix memory leak in set*con calls.