From 5aeef0d7343c9354b66e4501864027fe1e6930f8 Mon Sep 17 00:00:00 2001
From: "Ted X. Toth" <txtoth@gmail.com>
Date: Mon, 21 Nov 2022 12:32:46 -0800
Subject: [PATCH] Support '<<none>>' in SELinux sepgsql context file similar to
 how it can be used in file context files to stop sepgsql_restorecon from relabeling database objects.

---
 contrib/sepgsql/label.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c
index 440d9f0d50..8906828e76 100644
--- a/contrib/sepgsql/label.c
+++ b/contrib/sepgsql/label.c
@@ -818,9 +818,11 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
 				 * Check SELinux permission to relabel the fetched object,
 				 * then do the actual relabeling.
 				 */
-				sepgsql_object_relabel(&object, context);
+				if (strcmp(context, "<<none>>")) {
+					sepgsql_object_relabel(&object, context);
 
-				SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, context);
+					SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, context);
+				}
 			}
 			PG_FINALLY();
 			{
-- 
2.31.1