From 0ef62130922845793b61fff0550228d77e1c681c Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Dec 03 2020 06:09:53 +0000
Subject: import libsemanage-2.9-4.el8


---

diff --git a/SOURCES/0004-libsemanage-genhomedircon-check-usepasswd.patch b/SOURCES/0004-libsemanage-genhomedircon-check-usepasswd.patch
new file mode 100644
index 0000000..19b56da
--- /dev/null
+++ b/SOURCES/0004-libsemanage-genhomedircon-check-usepasswd.patch
@@ -0,0 +1,40 @@
+From f0eb192096e3c06dad10dcb0737ab3434f3ce655 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 30 Oct 2020 17:42:17 +0100
+Subject: [PATCH] libsemanage/genhomedircon: check usepasswd
+
+Only add user homedir contexts when usepasswd = True
+
+Resolves:
+   # grep usepasswd /etc/selinux/semanage.conf
+   usepasswd=False
+   # useradd -Z unconfined_u -d /tmp test
+   # matchpathcon /tmp
+   /tmp	unconfined_u:object_r:user_home_dir_t:s0
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+
+(cherry-picked from SElinuxProject
+commit ce46daab7cc90a6b9cd3bff9f99cf40ff19c3d9a)
+
+Resolves: rhbz#1871786
+---
+ libsemanage/src/genhomedircon.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
+index e5f8d371..1298bc77 100644
+--- a/libsemanage/src/genhomedircon.c
++++ b/libsemanage/src/genhomedircon.c
+@@ -1330,7 +1330,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
+ 			s->fallback->home = NULL;
+ 		}
+ 	}
+-	if (user_context_tpl || username_context_tpl) {
++	if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
+ 		if (write_username_context(s, out, username_context_tpl,
+ 					   s->fallback) != STATUS_SUCCESS) {
+ 			retval = STATUS_ERR;
+-- 
+2.28.0
+
diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec
index d8b4c23..acc9c0c 100644
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@@ -4,13 +4,14 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.9
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
 Patch0002: 0002-libsemanage-Add-support-for-DCCP-and-SCTP-protocols.patch
 Patch0003: 0003-libsemanage-fsync-final-files-before-rename.patch
+Patch0004: 0004-libsemanage-genhomedircon-check-usepasswd.patch
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
 
@@ -156,6 +157,9 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
 %{_libexecdir}/selinux/semanage_migrate_store
 
 %changelog
+* Sun Nov 22 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-4
+- genhomedircon: check usepasswd (rhbz#1871786)
+
 * Mon Jun 29 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
 - Fsync final files before rename (#1838762)