diff --git a/Use-common-error-logic-regardless-of-setexecfilecon-.patch b/Use-common-error-logic-regardless-of-setexecfilecon-.patch
new file mode 100644
index 0000000..407dec9
--- /dev/null
+++ b/Use-common-error-logic-regardless-of-setexecfilecon-.patch
@@ -0,0 +1,113 @@
+From 153c5c219844f0f294862c9043b20f4d24f7fa69 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Tue, 18 Feb 2020 15:50:40 +0200
+Subject: [PATCH] Use common error logic regardless of setexecfilecon()
+ availability
+
+Refactor the custom exec context setting code to look like setexecfilecon()
+in case the real one is not available to eliminate pesky behavioral
+differences between the two cases.
+
+This fixes a concrete bug of libselinux setexecfilecon() returning with
+an error when security_getenforce() returns with -1 (such as a bare
+chroot with no /sys mounts etc), causing us to spit out useless error
+messages in that case ever since fixing the bogus if-logic in
+commit ab601b882b9d9d8248250111317615db1aa7b7c6.
+
+Fixes: #1077
+---
+ plugins/selinux.c | 44 +++++++++++++++++++++-----------------------
+ 1 file changed, 21 insertions(+), 23 deletions(-)
+
+diff --git a/plugins/selinux.c b/plugins/selinux.c
+index ba37ffabe..12545174d 100644
+--- a/plugins/selinux.c
++++ b/plugins/selinux.c
+@@ -94,65 +94,63 @@ static rpmRC selinux_psm_pre(rpmPlugin plugin, rpmte te)
+ return rc;
+ }
+
+-static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
+- const char *path, int type)
+-{
+- rpmRC rc = RPMRC_FAIL;
+- int xx;
+ #ifndef HAVE_SETEXECFILECON
++static int setexecfilecon(const char *path, const char *fallback_type)
++{
++ int rc = -1;
+ security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
+ context_t con = NULL;
+
+- if (sehandle == NULL)
+- return RPMRC_OK;
+-
+ /* Figure the context to for next exec() */
+ if (getcon(&mycon) < 0)
+ goto exit;
+ if (getfilecon(path, &fcon) < 0)
+ goto exit;
+- if (security_compute_create(mycon, fcon, string_to_security_class("process"), &newcon) < 0)
++ if (security_compute_create(mycon, fcon,
++ string_to_security_class("process"), &newcon) < 0)
+ goto exit;
+
+ if (rstreq(mycon, newcon)) {
+- /* No default transition, use rpm_script_t for now. */
+- const char * script_type = "rpm_script_t";
+-
+ con = context_new(mycon);
+ if (!con)
+ goto exit;
+- if (context_type_set(con, script_type))
++ if (context_type_set(con, fallback_type))
+ goto exit;
+ freecon(newcon);
+ newcon = xstrdup(context_str(con));
+ }
+
+- if ((xx = setexeccon(newcon)) == 0)
+- rc = RPMRC_OK;
+-
+- rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
+- path, newcon, (xx < 0 ? strerror(errno) : ""));
++ rc = setexeccon(newcon);
+
+ exit:
+ context_free(con);
+ freecon(newcon);
+ freecon(fcon);
+ freecon(mycon);
++ return rc;
++}
++#endif
++
++static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
++ const char *path, int type)
++{
++ /* No default transition, use rpm_script_t for now. */
++ const char *script_type = "rpm_script_t";
++ rpmRC rc = RPMRC_FAIL;
+
+-#else
+ if (sehandle == NULL)
+ return RPMRC_OK;
+
+- if ((xx = setexecfilecon(path, "rpm_script_t")) == 0)
++ if (setexecfilecon(path, script_type) == 0)
+ rc = RPMRC_OK;
+
+- rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
+- path, (xx < 0 ? strerror(errno) : ""));
+-#endif
+ /* If selinux is not enforcing, we don't care either */
+ if (rc && security_getenforce() < 1)
+ rc = RPMRC_OK;
+
++ rpmlog(loglvl(rc), "setexecfilecon: (%s, %s) %s\n",
++ path, script_type, rc ? strerror(errno) : "");
++
+ return rc;
+ }
+
+--
diff --git a/rpm.spec b/rpm.spec
index be3e454..d597c69 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -1,6 +1,6 @@
 Name: rpm
 Version: 4.15.1
-Release: 15
+Release: 16
 Summary: RPM Package Manager
 License: GPLv2+
 URL: http://www.rpm.org/
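Review bot: In the new selinux_scriptlet_fork_post() inside the added patch, rpmlog() now runs after the enforcing check, so `rc ? strerror(errno) : ""` prints an empty reason whenever a setexecfilecon() failure is downgraded (permissive mode, or security_getenforce() returning -1). In that case the log no longer records why the scriptlet runs without the requested exec context. When rc stays RPMRC_FAIL, errno is read only after security_getenforce() and, in the fallback setexecfilecon(), after the freecon()/context_free() cleanup, any of which may overwrite it. Capturing both right after the call, `int xx = setexecfilecon(path, script_type); int ec = errno;`, and logging `xx < 0 ? strerror(ec) : ""` would keep the real reason while `loglvl(rc)` (defined outside this hunk) still picks the level. The fallback would additionally need to save errno before its `exit:` cleanup and restore it before `return rc;`.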
@@ -18,6 +18,7 @@ Patch8: change-rpmsigdig-test-s-SHA256HEADER-SHA1HEADER-SIGM.patch Patch9: bugfix-rpm-4.11.3-add-aarch64_ilp32-arch.patch Patch10: bugfix-rpm-4.14.2-fix-tty-failed.patch Patch11: bugfix-rpm-4.14.2-wait-once-get-rpmlock-fail.patch +Patch12: Use-common-error-logic-regardless-of-setexecfilecon-.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -286,6 +287,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Fri May 22 2020 openEuler Buildteam - 4.15.1-16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:solve the error of setexecfilecon + * Wed May 13 2020 openEuler Buildteam - 4.15.1-15 - Type:bugfix - ID:NA