This is part 8 of an 8 part post covering the process used to trace down and correct a problem with semanage login record group matching. If you have not already read the previous parts, you may want to start at the beginning

Deploying the fix

Due to the combination of the sensitive nature of this library, my rusty C, and that I had never worked inside libselinux before, I was not in a particular rush to override the Red Hat provided (and supported) package without at least one other person reviewing it, preferably someone who had written C in the past decade.

After considering the options, I pushed the locally patched libselinux package to the two hosts that Alice had to use as soon as possible, and updated the issue with Red Hat. Fortunately, a few hours after RHBZ#748471 was filed, I spotted Dan Walsh's commit to upstream with the exact patch I had proposed. That eased concerns significantly.

About a month later Red Hat released the fix in RHBA-2011-1559 which is part of RHEL6.2.

I did not notice it at the time, but Dan Walsh also blogged about the issue.

It was too late to respond on Dan's blog (comments are now stuck in /dev/null'ed moderation), but in the unlikely event "abbra" is reading this: I really did not care what was in the errata, I just needed a fix ASAP and was trying to help along the process, providing all of the relevant information I had located. Had Dan, or anyone else, had a better (or even just different) fix, that would have been perfectly fine.