libselinux: do not check fcontext duplicates on use Tools like restorecon or systemd, which load the fcontext database to make labeling decisions do not need to check for duplicate rules. Only the first rule will be used. Instead we should only check for duplicates when new rules are added to the database. And fail the transaction if we find one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>

commit: 4f621a168682f96d0c98f7818493397766b13fd2 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Tue Jun 28 21:37:38 2011 -0400
committer: Eric Paris <eparis@redhat.com> Wed Aug 03 18:02:07 2011 -0400
tree: fd9359dadefc5ca25f65766118f0693500e97fb4
parent: 874bac80bbfbf0a5af51bfa02cad2c233aac7273 [diff] [blame]
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index af7fd8f..3b8346d 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c

@@ -485,7 +485,7 @@
 					 pass, ++lineno) != 0)
 				goto finish;
 		}
-		if (pass == 1) {
+		if (pass == 1 && rec->validating) {
 			status = nodups_specs(data, path);
 			if (status)
 				goto finish;
commit	4f621a168682f96d0c98f7818493397766b13fd2	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Tue Jun 28 21:37:38 2011 -0400
committer	Eric Paris <eparis@redhat.com>	Wed Aug 03 18:02:07 2011 -0400
tree	fd9359dadefc5ca25f65766118f0693500e97fb4
parent	874bac80bbfbf0a5af51bfa02cad2c233aac7273 [diff] [blame]