From 24a913f47cc883903fbc71e180250da2530eba4a Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Feb 26 2013 14:59:40 +0000
Subject: if selinux is disabled, ignore that selogin dir is missing


https://fedorahosted.org/sssd/ticket/1817

---

diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index d7850ef..9d38c03 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -387,6 +387,7 @@ static errno_t write_selinux_login_file(const char *username, char *string)
     mode_t oldmask;
     TALLOC_CTX *tmp_ctx;
     char *full_string = NULL;
+    int enforce;
     errno_t ret = EOK;
 
     len = strlen(string);
@@ -414,11 +415,22 @@ static errno_t write_selinux_login_file(const char *username, char *string)
 
     oldmask = umask(022);
     fd = mkstemp(tmp_path);
+    ret = errno;
     umask(oldmask);
     if (fd < 0) {
-        DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file for SELinux "
-                                  "data failed. %s", tmp_path));
-        ret = EIO;
+        if (ret == ENOENT) {
+            /* if selinux is disabled and selogin dir does not exist,
+             * just ignore the error */
+            if (selinux_getenforcemode(&enforce) == 0 && enforce == -1) {
+                ret = EOK;
+                goto done;
+            }
+
+            /* continue if we can't get enforce mode or selinux is enabled */
+        }
+
+        DEBUG(SSSDBG_OP_FAILURE, ("unable to create temp file [%s] "
+              "for SELinux data [%d]: %s\n", tmp_path, ret, strerror(ret)));
         goto done;
     }