- rpmexeccon should not fail in permissive mode.

libselinux-rhat.patch

@@ -10,3 +10,18 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.
  }
  
  static void set_window_rows(void)
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.21.1/src/rpm.c
+--- nsalibselinux/src/rpm.c	2004-11-09 09:13:54.000000000 -0500
++++ libselinux-1.21.1/src/rpm.c	2005-01-24 15:24:33.000000000 -0500
+@@ -41,8 +41,10 @@
+ 	rc = setexeccon(newcon);
+ 	if (rc < 0) 
+ 		goto out;
+-	rc = execve(filename, argv, envp);
+ out:
++	if ( ( rc == 0 ) || 
++	     (security_getenforce() == 0 ))
++	  rc = execve(filename, argv, envp);
+ 	context_free(con);
+ 	freecon(newcon);
+ 	freecon(fcon);

libselinux.spec

@@ -1,7 +1,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.21.1
-Release: 2
+Release: 3
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -86,9 +86,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man8/*
 
 %changelog
+* Mon Jan 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
+- rpmexeccon should not fail in permissive mode.
+
 * Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-2
 - fix printf in avcstat
-
 * Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
 - Update from NSA