libselinux/0002-libselinux-Ignore-files-removed-during-relabeling.patch

From d12756eb12696962458d9c4dc727da248664286f Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 17 Oct 2025 17:08:34 +0200
Subject: [PATCH] libselinux: Ignore files removed during relabeling

In case ignore_noent is specified, ignore files removed during
relabeling (race condition between folder read, file read and label
set).

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 libselinux/src/selinux_restorecon.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 702ad8d9..23546cb0 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -726,6 +726,9 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
 			    pathname, newcon);
 
 	if (lgetfilecon_raw(pathname, &curcon) < 0) {
+		/* Ignore files removed during relabeling if ignore_noent is set */
+		if (flags->ignore_noent && errno == ENOENT)
+			goto out;
 		if (errno != ENODATA)
 			goto err;
 
@@ -765,8 +768,14 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
 		}
 
 		if (!flags->nochange) {
-			if (lsetfilecon(pathname, newcon) < 0)
-				goto err;
+			if (lsetfilecon(pathname, newcon) < 0) {
+				/* Ignore files removed during relabeling if ignore_noent is set */
+				if (flags->ignore_noent && errno == ENOENT)
+					goto out;
+				else
+					goto err;
+			}
+
 			updated = true;
 		}
 
@@ -932,9 +941,10 @@ loop_body:
 		case FTS_NS:
 			error = errno;
 			errno = ftsent->fts_errno;
-			selinux_log(SELINUX_ERROR,
-				    "Could not stat %s: %m.\n",
-				    ftsent->fts_path);
+			if (!state->flags.ignore_noent || errno != ENOENT)
+				selinux_log(SELINUX_ERROR,
+					    "Could not stat %s: %m.\n",
+					    ftsent->fts_path);
 			errno = error;
 			fts_set(fts, ftsent, FTS_SKIP);
 			continue;
-- 
2.51.0