author | Christian Göttsche <cgzones@googlemail.com> | 2020-08-03 19:56:37 +0200 |
---|---|---|
committer | Tomáš Mráz <tmraz@redhat.com> | 2020-08-05 16:30:03 +0200 |
commit | 6fc8482e1f59c70ff11cbe2e5ad1101996c41f00 (patch) | |
tree | 1897f7267ae957fa938409432b74172b4f63f9bd /modules/pam_rootok/pam_rootok.c | |
parent | ee140cb6908d48b01888d37304dda10f36b4ffce (diff) | |
pam_rootok: skip context translation
The retrieved context is just passed to the libselinux function
'selinux_check_access()', so a context translation to human readable
MCS/MLS labels is not needed. (see man:setrans.conf(5))
Diffstat (limited to 'modules/pam_rootok/pam_rootok.c')
-rw-r--r-- | modules/pam_rootok/pam_rootok.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index 97296458..eb9c5eee 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -87,7 +87,7 @@ static int
 selinux_check_root (void)
 {
 int status = -1;
- char *user_context;
+ char *user_context_raw;
 union selinux_callback old_callback;
 if (is_selinux_enabled() < 1)
@@ -96,15 +96,15 @@ selinux_check_root (void)
 old_callback = selinux_get_callback(SELINUX_CB_LOG);
 /* setup callbacks */
 selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
- if ((status = getprevcon(&user_context)) < 0) {
+ if ((status = getprevcon_raw(&user_context_raw)) < 0) {
 selinux_set_callback(SELINUX_CB_LOG, old_callback);
 return status;
 }
- status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL);
+ status = selinux_check_access(user_context_raw, user_context_raw, "passwd", "rootok", NULL);
 selinux_set_callback(SELINUX_CB_LOG, old_callback);
- freecon(user_context);
+ freecon(user_context_raw);
 return status;
 }
 #endif |
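Review bot: The reason for calling `getprevcon_raw()` in the second hunk is recorded only in the commit message, so a later cleanup could switch back to the translated variant without noticing; a comment at the call would keep it in the code, e.g. `/* raw context suffices: it is only passed to selinux_check_access() */`. Since the result of this function gates the "rootok" permission check, it is also worth confirming that the caller treats every non-zero return as a refusal, both the negative status from a failed `getprevcon_raw()` and a denial from `selinux_check_access()`; the caller is not part of this diff. The lines of `selinux_check_root` between the two hunks are not shown, so the early return after `is_selinux_enabled()` could not be checked here.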