diff -up at-3.1.12/atd.c.fix at-3.1.12/atd.c --- at-3.1.12/atd.c.fix 2010-01-18 14:22:19.364913059 +0100 +++ at-3.1.12/atd.c 2010-01-18 14:20:17.867912485 +0100 @@ -458,11 +458,9 @@ run_file(const char *filename, uid_t uid size = buf.st_size; #ifdef WITH_PAM - PRIV_START - PAM_HANDLING; + PAM_HANDLING; closelog(); openlog("atd", LOG_PID, LOG_ATD); - PRIV_END #endif close(STDIN_FILENO); @@ -484,7 +482,6 @@ run_file(const char *filename, uid_t uid if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) nenvp = pam_envp; #endif - PRIV_END /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. */ @@ -505,8 +502,6 @@ run_file(const char *filename, uid_t uid if (chdir(ATJOB_DIR) < 0) perr("Cannot chdir to " ATJOB_DIR); - PRIV_START - nice((tolower((int) queue) - 'a' + 1) * 2); if (initgroups(pentry->pw_name, pentry->pw_gid)) @@ -531,6 +526,17 @@ run_file(const char *filename, uid_t uid if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) perr("Exec failed for /bin/sh"); + +//add for fedora +#ifdef WITH_SELINUX + if (selinux_enabled>0) + if (setexeccon(NULL) < 0) + if (security_getenforce()==1) + perr("Could not resset exec context for user %s\n", pentry->pw_name); + +#endif +//end +//add for fedora #ifdef WITH_PAM if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) { @@ -553,7 +559,7 @@ run_file(const char *filename, uid_t uid return with an ECHILD error. */ waitpid(pid, (int *) NULL, 0); - +/* #ifdef WITH_PAM PRIV_START pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); @@ -561,7 +567,7 @@ run_file(const char *filename, uid_t uid pam_end(pamh, retcode); PRIV_END #endif - +*/ /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */
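Review bot: The privilege bracketing in run_file can no longer be read from the code: the first hunk drops `PRIV_START`/`PRIV_END` around `PAM_HANDLING`, the second drops a lone `PRIV_END`, and the third drops the `PRIV_START` before `nice()` and `initgroups()`. If a `PRIV_START` outside these hunks is now meant to stay in force, the child's descriptor setup and `chdir(ATJOB_DIR)` run with privileges raised as well, which is a wider window than before. If no such bracket exists, `PAM_HANDLING` and `initgroups()` would run without the privileges they need. I would state the intended level at the `#ifdef WITH_PAM` block, for example `/* still privileged from the PRIV_START above; dropped for good by the job's setuid() */`, worded to match what is actually true. run_file begins and ends outside all three hunks, so the matching macros are not visible here.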
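Review bot: The added `WITH_SELINUX` block sits directly after `execle("/bin/sh", ...)` and its `perr("Exec failed for /bin/sh")`, so it runs only when the exec has failed and `perr()` returns. If `perr()` does not return (its definition is not visible here), the `setexeccon(NULL)` reset is dead code and should move to a path that is reached. The three nested unbraced `if`s also ignore a `setexeccon` failure whenever `security_getenforce()` returns 0 or -1, so an error reading the enforcing state is treated like permissive mode. I would flatten and fail closed with `if (selinux_enabled > 0 && setexeccon(NULL) < 0 && security_getenforce() != 0)`, and fix the message typo: `perr("Could not reset exec context for user %s\n", pentry->pw_name);`. The enclosing block starts and ends outside the hunk.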
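Review bot: Wrapping the PAM block after `waitpid()` in `/* ... */` (opened in this hunk, closed in the next one) means the parent no longer calls `pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT)` or `pam_end(pamh, retcode)`, nor whatever sits on the one line between the two hunks. Whatever `PAM_HANDLING` set up for the job is then left to process exit, and modules that depend on the delete and end calls get no teardown. If the teardown was failing because privileges are no longer raised at this point, that should be fixed rather than skipped. If it has moved elsewhere, delete the block and leave a one-line comment such as `/* PAM teardown is done in <location> */`, since a `/* */` wrapper ends early as soon as someone adds a block comment inside it.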