From 1f0fa73a04a68146cbe3527d5748b82bdb4e5b1e Mon Sep 17 00:00:00 2001
From: Jonathan Billings <jsbillin@umich.edu>
Date: Wed, 21 Aug 2013 14:36:23 -0400
Subject: SELinux: Update the matchpathcon function to use the file's mode

If you don't supply a mode to the selinux.matchpathcon() function, it
fails to properly look up the context in some circumstances related to
context patterns in the SELinux policy.  This change looks up the mode
and supplies it to the function.
(cherry picked from commit 20a2c9a8fb6c6ecbed259b5deccb01c01bf3304f)
---
 src/lib/Bcfg2/Client/Tools/POSIX/base.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/Bcfg2/Client')

diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index fb5d06e54..1e73d4f11 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -525,7 +525,8 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
             if entry.get("secontext") == "__default__":
                 try:
                     wanted_secontext = \
-                        selinux.matchpathcon(path, 0)[1].split(":")[2]
+                        selinux.matchpathcon(
+                            path, ondisk[stat.ST_MODE])[1].split(":")[2]
                 except OSError:
                     errors.append("%s has no default SELinux context" %
                                   entry.get("name"))
-- 
cgit v1.2.3-1-g7c22