From 3ec2b5773ea1553a70c362c25574978b7bbc932a Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jlebon@redhat.com>
Date: Fri, 2 Jun 2017 10:06:50 -0400
Subject: [PATCH] checkout: don't apply SELinux labeling in user mode

If the user requested a user checkout, we don't want to set the SELinux
label xattr.

Closes: #903
Approved by: cgwalters
---
 src/libostree/ostree-repo-checkout.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c
index 360c939f..8dbe49e3 100644
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@@ -261,14 +261,14 @@ create_file_copy_from_input_at (OstreeRepo     *repo,
                                         &tmpf, error))
         return FALSE;
 
-      if (sepolicy_enabled)
+      if (sepolicy_enabled && options->mode != OSTREE_REPO_CHECKOUT_MODE_USER)
         {
           g_autofree char *label = NULL;
-          if (!ostree_sepolicy_get_label (options->sepolicy,
-                                          state->selabel_path_buf->str,
+          if (!ostree_sepolicy_get_label (options->sepolicy, state->selabel_path_buf->str,
                                           g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
                                           &label, cancellable, error))
             return FALSE;
+
           if (fsetxattr (tmpf.fd, "security.selinux", label, strlen (label), 0) < 0)
             return glnx_throw_errno_prefix (error, "Setting security.selinux");
         }