From 9c082fb8689efdaa5a595d3043e67ccec4ed930c Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Fri, 5 Apr 2013 10:49:24 +0300
Subject: Permit scriptlet exec context setting to fail in non-enforcing modes

- This is what rpm_execcon() in libselinux always did, and trying to
  be more strict causes things to blow up on install to an empty
  chroot where /proc and /sys/fs/selinux are not mounted.
---
 plugins/selinux.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'plugins')

diff --git a/plugins/selinux.c b/plugins/selinux.c
index 0a3ef6f13..736514b60 100644
--- a/plugins/selinux.c
+++ b/plugins/selinux.c
@@ -133,6 +133,10 @@ exit:
     freecon(fcon);
     freecon(mycon);
 
+    /* If selinux is not enforcing, we don't care either */
+    if (rc && security_getenforce() < 1)
+	rc = RPMRC_OK;
+
     return rc;
 }
 
-- 
cgit v1.2.1