From 7fe4e0e892dad84aaf383bc130f4909f9b4b380d Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Tue, 6 Nov 2007 18:26:44 +0000
Subject: * nscd/selinux.c (nscd_request_avc_has_perm): When compiled with

	old headers, don't call avc_has_perm if we don't have the
	permission information.
---
 nscd/selinux.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'nscd/selinux.c')

diff --git a/nscd/selinux.c b/nscd/selinux.c
index 6cbcbea..9a167ec 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -368,6 +368,14 @@ nscd_request_avc_has_perm (int fd, request_type req)
       goto out;
     }
 
+#ifndef NSCD__GETSERV
+  if (perms[req] == 0)
+    {
+      dbg_log (_("compile-time support for database policy missing"));
+      goto out;
+    }
+#endif
+
   rc = avc_has_perm (ssid, tsid, SECCLASS_NSCD, perms[req], &aeref, NULL) < 0;
 
 out:
-- 
cgit v1.1