diff -up cronie-1.4.11/src/security.c.selinux-user cronie-1.4.11/src/security.c

--- cronie-1.4.11/src/security.c.selinux-user	2017-03-07 13:52:23.076462218 +0100

+++ cronie-1.4.11/src/security.c	2017-03-07 14:47:32.957371610 +0100

@@ -41,8 +41,6 @@

 #ifdef WITH_SELINUX

 # include <selinux/selinux.h>

 # include <selinux/context.h>

-# include <selinux/flask.h>

-# include <selinux/av_permissions.h>

 # include <selinux/get_context_list.h>

 #endif

@@ -476,7 +474,9 @@ get_security_context(const char *name, i

 	security_context_t scontext = NULL;

 	security_context_t file_context = NULL;

 	security_context_t rawcontext=NULL;

-	int retval = 0;

+	context_t current_context = NULL;

+	int retval;

+	char *current_context_str = NULL;

 	char *seuser = NULL;

 	char *level = NULL;

@@ -490,10 +490,29 @@ get_security_context(const char *name, i

 			log_it(name, getpid(), "getseuserbyname FAILED", name, 0);

 			return (security_getenforce() > 0);

 		}

+

+		retval = get_default_context_with_level(seuser, level, NULL, &scontext);

+	}

+	else {

+		if (getcon(&current_context_str) < 0) {

+			log_it(name, getpid(), "getcon FAILED", "", 0);

+			return (security_getenforce() > 0);

+		}

+

+		current_context = context_new(current_context_str);

+		if (current_context == NULL) {

+			log_it(name, getpid(), "context_new FAILED", current_context_str, 0);

+			freecon(current_context_str);

+			return (security_getenforce() > 0);

+		}

+

+		const char *current_user = context_user_get(current_context);

+		retval = get_default_context_with_level(current_user, level, NULL, &scontext);

+

+		freecon(current_context_str);

+		context_free(current_context);

 	}

-	retval = get_default_context_with_level(name == NULL ? "system_u" : seuser,

-		level, NULL, &scontext);

 	if (selinux_trans_to_raw_context(scontext, &rawcontext) == 0) {

 		freecon(scontext);

 		scontext = rawcontext;