File 2a1f725e83d3ffc11d229543c4c2980dffd637b9.patch of Package google-authenticator-libpam
commit 2a1f725e83d3ffc11d229543c4c2980dffd637b9
Author: Johannes Segitz <jsegitz@suse.de>
Date: Mon Nov 10 17:09:42 2025 +0100
Log failure to set SELinux type on secret file at LOG_DEBUG
diff --git a/src/pam_google_authenticator.c b/src/pam_google_authenticator.c
index ee65e66..c9fa68a 100644
--- a/src/pam_google_authenticator.c
+++ b/src/pam_google_authenticator.c
@@ -698,10 +698,9 @@ static int write_file_contents(pam_handle_t *pamh,
log_message(LOG_ERR, pamh, "write(): %s", strerror(err));
goto cleanup;
}
- // adjust SELinux context. No error handling here as this can fail if SELinux
- // is not enable, which is fine in this case. If it fails when SELinux is
- // available this will result in AVCs that can be debugged
- set_selinux_context(fd);
+ if (set_selinux_context(fd)) {
+ log_message(LOG_DEBUG, pamh, "setting SELinux type \"%s\" on file \"%s\" failed. Okay if SELinux is disabled", SECRET_SELINUX_TYPE, secret_filename);
+ }
if (fsync(fd)) {
err = errno;