Written-by: Tomas Smetana
diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
--- logrotate-3.7.6/logrotate.c.selinux 2008-01-09 09:37:16.000000000 +0100
+++ logrotate-3.7.6/logrotate.c 2008-01-09 09:39:05.000000000 +0100
@@ -899,6 +899,9 @@ int rotateSingleLog(logInfo * log, int l
 int hasErrors = 0;
 struct stat sb;
 int fd;
+#ifdef WITH_SELINUX
+ security_context_t savedContext;
+#endif
 if (!state->doRotate) return 0;
@@ -906,7 +909,51 @@ int rotateSingleLog(logInfo * log, int l
 if (!hasErrors) {
 if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ security_context_t oldContext;
+ int fdcurr = -1;
+
+ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ log->files[logNum],
+ strerror(errno));
+ return 1;
+ }
+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+ if (getfscreatecon_raw(&savedContext) < 0) {
+ message(MESS_ERROR,
+ "getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ if (setfscreatecon_raw(oldContext) < 0) {
+ message(MESS_ERROR,
+ "setting file context %s to %s: %s\n",
+ log->files[logNum], oldContext, strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ message(MESS_DEBUG, "fscreate context set to %s\n",
+ oldContext);
+ freecon(oldContext);
+ } else {
+ if (errno != ENOTSUP) {
+ message(MESS_ERROR, "getting file context %s: %s\n",
+ log->files[logNum], strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
+ }
+ }
+#endif
+ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
 rotNames->finalName);
 if (!debug && !hasErrors &&
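Review bot: `savedContext` is declared without an initializer, yet the restore block added in the `@@ -961,6 +1008,15 @@` hunk passes it to `setfscreatecon_raw()` and `freecon()` whenever `selinux_enabled` is set. Nothing assigns it when the copy/copytruncate flags skip the SELinux block, when `fgetfilecon_raw()` fails, or when `getfscreatecon_raw()` fails outside enforcing mode, so in those cases the restore appears to read an indeterminate pointer. Declare it as `security_context_t savedContext = NULL;` so the later `!= NULL` test is meaningful. The rest of rotateSingleLog lies outside this hunk.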
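Review bot: The descriptor `fdcurr` opened at the top of the `selinux_enabled` block is never closed. No `close(fdcurr)` appears on the success path or before any `return 1` exit, and the variable goes out of scope when the block ends, so each rotated log leaks one descriptor. Save `errno` after `fgetfilecon_raw()` and call `close(fdcurr);` right there, so every later branch is covered and the `ENOTSUP` test still sees the original error. `O_RDWR` also looks broader than a label read needs; `O_RDONLY` would presumably suffice. The enclosing `if (!hasErrors)` block starts and ends outside the hunk.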
@@ -961,6 +1008,15 @@ int rotateSingleLog(logInfo * log, int l
 close(fd);
 }
 }
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ setfscreatecon_raw(savedContext);
+ if (savedContext != NULL) {
+ freecon(savedContext);
+ savedContext = NULL;
+ }
+ }
+#endif
 if (!hasErrors && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))
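Review bot: The result of `setfscreatecon_raw(savedContext)` is discarded, so a failed restore leaves the process file-creation context set to the rotated log's label, and files created afterwards would presumably inherit it without any message. Check it as the earlier hunk does, e.g. `if (setfscreatecon_raw(savedContext) < 0) message(MESS_ERROR, "restoring default context: %s\n", strerror(errno));`, and set `hasErrors` when `selinux_enforce` is on. A short comment such as `/* restore the fscreate context saved before the rename */` would also tell readers why this block sits here. The function continues past the end of the hunk.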