- Fix selinux plugin for permissive mode

rpm-4.13.0-selinux--permissive-scriptlets.patch

@@ -0,0 +1,40 @@
+From 0d214a17e412bffa00cfede2d884f02ac78b8434 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Mon, 12 Oct 2015 12:47:45 +0200
+Subject: [PATCH] Permit scriptlet exec context setting to fail in
+ non-enforcing modes
+
+for new code path, too.
+
+See also 9c082fb8689efdaa5a595d3043e67ccec4ed930c
+---
+ plugins/selinux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/plugins/selinux.c b/plugins/selinux.c
+index ea6853b..2751815 100644
+--- a/plugins/selinux.c
++++ b/plugins/selinux.c
+@@ -134,9 +134,6 @@ exit:
+     freecon(fcon);
+     freecon(mycon);
+ 
+-    /* If selinux is not enforcing, we don't care either */
+-    if (rc && security_getenforce() < 1)
+-	rc = RPMRC_OK;
+ #else
+     if (sehandle == NULL)
+ 	return RPMRC_OK;
+@@ -149,6 +146,9 @@ exit:
+ 	       path, (xx < 0 ? strerror(errno) : ""));
+     }
+ #endif
++    /* If selinux is not enforcing, we don't care either */
++    if (rc && security_getenforce() < 1)
++	rc = RPMRC_OK;
+ 
+     return rc;
+ }
+-- 
+2.1.0
+

rpm.spec

@@ -29,7 +29,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}3%{?dist}
+Release: %{?snapver:0.%{snapver}.}4%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
@@ -53,6 +53,7 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch
 
 # Patches already upstream:
 Patch100: rpm-4.13.0-rc1-Fix-new-richdep-syntax.patch
+Patch101: rpm-4.13.0-selinux--permissive-scriptlets.patch
 
 # These are not yet upstream
 Patch302: rpm-4.7.1-geode-i686.patch
@@ -555,6 +556,8 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Mon Oct 12 2015 Florian Festi <ffesti@rpm.org> - 4.4.13.0-0.rc1.4
+- Fix selinux plugin for permissive mode
 
 * Mon Sep 07 2015 Florian Festi <ffesti@rpm.org> - 4.4.13.0-0.rc1.3
 - Fix new rich dependency syntax