From 2bbacbb31d18d9856ca13b6e49a2bfeb34b22b1b Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Wed, 22 Jan 2025 10:58:27 -0500
Subject: [PATCH] libselinux: Close old selabel handle when setting a new one
Content-type: text/plain

In selinux_restorecon_set_sehandle(), close the old selabel handle
(if it exists) before setting the new one.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libselinux/src/selinux_restorecon.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index a57932c0602b..db56cc7e587b 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -1061,7 +1061,11 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
 	char **specfiles;
 	size_t num_specfiles;
 
-	fc_sehandle = (struct selabel_handle *) hndl;
+	if (fc_sehandle) {
+		selabel_close(fc_sehandle);
+	}
+
+        fc_sehandle = (struct selabel_handle *) hndl;
 	if (!fc_sehandle)
 		return;
 
-- 
2.48.1