Add selinux_getenforce() calls to work when not in enforcing mode - use security_getenforce() instead of selinux_getenforcemode From RedHat patches.
---
 logrotate.c | 126 +++++++++++++++++++++++++++++++++---------------------------
 1 file changed, 71 insertions(+), 55 deletions(-)
Index: logrotate-3.7.1/logrotate.c
===================================================================
--- logrotate-3.7.1.orig/logrotate.c
+++ logrotate-3.7.1/logrotate.c
@@ -17,6 +17,7 @@
 #include
 static security_context_t prev_context=NULL;
 int selinux_enabled=0;
+int selinux_enforce=0;
 #endif
 
 #include "basenames.h"
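Review bot: `int selinux_enforce=0;` is added with external linkage, mirroring the existing `int selinux_enabled=0;` but unlike the `static` `prev_context` declared beside it; if no other translation unit reads it, `static int selinux_enforce = 0;` keeps it file-local. Its value is not a plain boolean (the later hunks test it with `if (selinux_enforce)`), so a comment such as `/* security_getenforce() result: 1 enforcing, 0 permissive, -1 unknown; any non-zero value is treated as enforcing */` would document the contract where the variable is defined. Note also that the patch title refers to `selinux_getenforce()` while the call added in main() is `security_getenforce()`.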
@@ -293,38 +294,43 @@ static int copyTruncate(char * currLog,
 return 1;
 }
 #ifdef WITH_SELINUX
- if ((selinux_enabled=(is_selinux_enabled()>0)))
- {
- security_context_t oldContext;
- if (fgetfilecon(fdcurr, &oldContext) >=0) {
- if (getfscreatecon(&prev_context) < 0) {
- message(MESS_ERROR, "error getting default context: %s\n",
- strerror(errno));
- freecon(oldContext);
- return 1;
- }
- if (setfscreatecon(oldContext) < 0) {
- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
- saveLog, oldContext,strerror(errno));
- freecon(oldContext);
- return 1;
- }
- freecon(oldContext);
- } else {
- message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
- strerror(errno));
- return 1;
- }
- }
+ if (selinux_enabled) {
+ security_context_t oldContext;
+ if (fgetfilecon(fdcurr, &oldContext) >=0) {
+ if (getfscreatecon(&prev_context) < 0) {
+ message(MESS_ERROR, "error getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ if (setfscreatecon(oldContext) < 0) {
+ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
+ saveLog, oldContext,strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ freecon(oldContext);
+ } else {
+ message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
+ strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
+ }
 #endif
 fdsave = open(saveLog, O_WRONLY | O_CREAT | O_TRUNC,sb->st_mode);
 #ifdef WITH_SELINUX
 if (selinux_enabled) {
- setfscreatecon(prev_context);
- if (prev_context!= NULL) {
- freecon(prev_context);
- prev_context=NULL;
- }
+ setfscreatecon(prev_context);
+ if (prev_context!= NULL) {
+ freecon(prev_context);
+ prev_context=NULL;
+ }
 }
 #endif
 if (fdsave < 0) {
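Review bot: In the permissive path of the new copyTruncate block, a failed `getfscreatecon(&prev_context)` no longer returns but still falls through to `setfscreatecon(oldContext)`, so the create context is switched without the previous one having been captured; the later `setfscreatecon(prev_context)` then installs the default context rather than restoring what was in effect, and on the `fgetfilecon` failure path saveLog is created with whatever creation-default label applies. That appears to be the intended trade-off for non-enforcing mode, but nothing in the block says so and the messages stay at MESS_ERROR even when rotation continues; a comment at the first `if (selinux_enforce) {` such as `/* permissive mode: report the failure but continue; the new file may get the default label rather than the old log's */` would make the behaviour explicit. The same structure and the same point apply to the rotateSingleLog hunk at `@@ -672,28 +678,34 @@`. copyTruncate begins and ends outside this hunk.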
@@ -672,28 +678,34 @@ int rotateSingleLog(logInfo * log, int l
 (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext);
 
 #ifdef WITH_SELINUX
- if ((selinux_enabled=(is_selinux_enabled()>0))) {
- security_context_t oldContext=NULL;
- if (getfilecon(log->files[logNum], &oldContext)>0) {
- if (getfscreatecon(&prev_context) < 0) {
- message(MESS_ERROR, "error getting default context: %s\n",
- strerror(errno));
- freecon(oldContext);
- return 1;
- }
- if (setfscreatecon(oldContext) < 0) {
- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
- log->files[logNum], oldContext,strerror(errno));
- freecon(oldContext);
- return 1;
- }
- freecon(oldContext);
- } else {
- message(MESS_ERROR, "error getting file context %s: %s\n",
- log->files[logNum],
- strerror(errno));
- return 1;
- }
+ if (selinux_enabled) {
+ security_context_t oldContext=NULL;
+ if (getfilecon(log->files[logNum], &oldContext)>0) {
+ if (getfscreatecon(&prev_context) < 0) {
+ message(MESS_ERROR, "error getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ if (setfscreatecon(oldContext) < 0) {
+ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
+ log->files[logNum], oldContext,strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ freecon(oldContext);
+ } else {
+ message(MESS_ERROR, "error getting file context %s: %s\n",
+ log->files[logNum],
+ strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
 }
 #endif
 for (i = rotateCount + logStart - 1; (i >= 0) && !hasErrors; i--) {
@@ -883,11 +895,11 @@ int rotateSingleLog(logInfo * log, int l
 
 #ifdef WITH_SELINUX
 if (selinux_enabled) {
- setfscreatecon(prev_context);
- if (prev_context!= NULL) {
- freecon(prev_context);
- prev_context=NULL;
- }
+ setfscreatecon(prev_context);
+ if (prev_context!= NULL) {
+ freecon(prev_context);
+ prev_context=NULL;
+ }
 }
 #endif
 free(dirName);
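Review bot: The new rotateSingleLog block accepts the context getter with `getfilecon(log->files[logNum], &oldContext)>0`, whereas the parallel copyTruncate block in this patch uses `fgetfilecon(fdcurr, &oldContext) >=0`, so the two paths disagree on whether a zero return counts as success and a log file whose context cannot be read takes the error branch (and, in enforcing mode, aborts rotation) in one place but not the other. The inconsistency predates the patch but is carried into the rewritten lines; aligning the two tests, or a one-line comment stating why they differ, would settle it. The second hunk of this section, `@@ -883,11 +895,11 @@`, is a re-indentation only. rotateSingleLog begins and ends outside both hunks.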
@@ -1249,6 +1261,10 @@ int main(int argc, const char ** argv) {
 exit(1);
 }
 
+#ifdef WITH_SELINUX
+ selinux_enabled=(is_selinux_enabled()>0);
+ selinux_enforce=security_getenforce();
+#endif
 for (file = files; *file; file++) {
 if (readConfigPath(*file, &defConfig, &logs, &numLogs)) {
 exit(1);
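Review bot: `selinux_enforce=security_getenforce();` stores -1 when the enforcing state cannot be read (per libselinux's documented return values), and the `if (selinux_enforce)` tests in copyTruncate and rotateSingleLog then treat that as enforcing; that is the fail-closed direction and probably what is wanted, but it is nowhere stated, and the call is also made when `selinux_enabled` is 0. Making both explicit, e.g. `/* -1 (state unreadable) is deliberately treated as enforcing */` above `selinux_enforce = selinux_enabled ? security_getenforce() : 0;`, keeps the fail-closed behaviour visible to the next reader. main() continues outside the hunk.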