diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3
--- nsalibselinux/man/man3/fgetfilecon.3	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man3/fgetfilecon.3	2008-09-09 16:21:46.000000000 -0400
@@ -0,0 +1 @@
+.so man3/getfilecon.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3
--- nsalibselinux/man/man3/getkeycreatecon.3	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man3/getkeycreatecon.3	2008-09-09 16:21:49.000000000 -0400
@@ -0,0 +1,38 @@
+.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getkeycreatecon(security_context_t *" con );
+
+.BI "int setkeycreatecon(security_context_t "context );
+
+.SH "DESCRIPTION"
+.B getkeycreatecon
+retrieves the context used for creating a new kernel keyring.
+This returned context should be freed with freecon if non-NULL.  
+getkeycreatecon sets *con to NULL if no keycreate context has been explicitly 
+set by the program (i.e. using the default policy behavior).
+
+.B setkeycreatecon
+sets the context used for creating a new kernel keyring.
+NULL can be passed to
+setkeycreatecon to reset to the default policy behavior.  
+The keycreate context is automatically reset after the next execve, so a
+program doesn't need to explicitly sanitize it upon startup.  
+
+setkeycreatecon can be applied prior to library
+functions that internally perform an file creation,
+in order to set an file context on the objects.
+
+
+Note: Signal handlers that perform an setkeycreate must take care to
+save, reset, and restore the keycreate context to avoid unexpected behavior.
+.SH "RETURN VALUE"
+On error -1 is returned.
+On success 0 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3
--- nsalibselinux/man/man3/lgetfilecon.3	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man3/lgetfilecon.3	2008-09-09 16:21:46.000000000 -0400
@@ -0,0 +1 @@
+.so man3/getfilecon.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3
--- nsalibselinux/man/man3/setkeycreatecon.3	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man3/setkeycreatecon.3	2008-09-09 16:22:09.000000000 -0400
@@ -0,0 +1 @@
+.so man3/getkeycreatecon.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man8/selinuxconlist.8	2008-09-09 16:21:46.000000000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxconlist \- list all SELinux context reachable for user
+.SH "SYNOPSIS"
+.B selinuxconlist [-l level] user [context]
+
+.SH "DESCRIPTION"
+.B selinuxconlist
+reports the list of context reachable for user from the current context or specified context
+
+.B \-l level
+mcs/mls level
+
+.SH AUTHOR	
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.71/man/man8/selinuxdefcon.8	2008-09-09 16:21:46.000000000 -0400
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxdefcon \- list default SELinux context for user 
+
+.SH "SYNOPSIS"
+.B selinuxdefcon [-l level] user [fromcon]
+
+.SH "DESCRIPTION"
+.B seconlist
+reports the default context for the specified user from current context or specified context
+
+.B \-l level
+mcs/mls level
+
+.SH AUTHOR	
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
--- nsalibselinux/src/callbacks.c	2008-08-28 09:34:24.000000000 -0400
+++ libselinux-2.0.71/src/callbacks.c	2008-09-09 16:21:46.000000000 -0400
@@ -16,6 +16,7 @@
 {
 	int rc;
 	va_list ap;
+	if (is_selinux_enabled() == 0) return 0;
 	va_start(ap, fmt);
 	rc = vfprintf(stderr, fmt, ap);
 	va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c	2008-08-28 09:34:24.000000000 -0400
+++ libselinux-2.0.71/src/matchpathcon.c	2008-09-09 16:21:46.000000000 -0400
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <syslog.h>
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include "callbacks.h"
@@ -57,7 +58,7 @@
 {
 	va_list ap;
 	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
+	vsyslog(LOG_ERR, fmt, ap);
 	va_end(ap);
 }