From fb3a8b3c1671f3b601563828dea2a45853daeb5b Mon Sep 17 00:00:00 2001
From: Paweł Poławski <ppolawsk@redhat.com>
Date: Nov 04 2019 10:40:16 +0000
Subject: selinux: Keep explicite umask() calls


libsemanage < 2.6 use to not set right file mask in our usecase.
It has been fixed by manual umask() call but is no longer needed.
Fix will be keept as a precaution for future libsemanage versions.

Resolves:
https://pagure.io/SSSD/sssd/issue/3583

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 925591e..1bf4de2 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -147,9 +147,10 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name,
     int ret;
     mode_t old_mask;
 
-    /* This is a workaround for
-     * https://bugzilla.redhat.com/show_bug.cgi?id=1186422 to make sure
-     * the directories are created with the expected permissions
+    /* Bug origin: https://bugzilla.redhat.com/show_bug.cgi?id=1186422
+     * This workaround is required for libsemanage < 2.5-13.el7
+     * It will remain here as a precaution in case of unexpected
+     * libsemanage behaviour.
      */
     old_mask = umask(0);
     if (strcmp(seuser_name, "") == 0) {