diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.23/Makefile

--- nsapolicycoreutils/Makefile	2007-07-16 14:20:43.000000000 -0400

+++ policycoreutils-2.0.23/Makefile	2007-08-22 16:29:22.000000000 -0400

@@ -1,4 +1,4 @@

-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po

+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui

 all install relabel clean indent:

 	@for subdir in $(SUBDIRS); do \

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.23/restorecond/restorecond.c

--- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400

+++ policycoreutils-2.0.23/restorecond/restorecond.c	2007-08-22 16:29:22.000000000 -0400

@@ -210,9 +210,10 @@

 			}

 			if (fsetfilecon(fd, scontext) < 0) {

-				syslog(LOG_ERR,

-				       "set context %s->%s failed:'%s'\n",

-				       filename, scontext, strerror(errno));

+				if (errno != EOPNOTSUPP) 

+					syslog(LOG_ERR,

+					       "set context %s->%s failed:'%s'\n",

+					       filename, scontext, strerror(errno));

 				if (retcontext >= 0)

 					free(prev_context);

 				free(scontext);

@@ -225,8 +226,9 @@

 		if (retcontext >= 0)

 			free(prev_context);

 	} else {

-		syslog(LOG_ERR, "get context on %s failed: '%s'\n",

-		       filename, strerror(errno));

+		if (errno != EOPNOTSUPP) 

+			syslog(LOG_ERR, "get context on %s failed: '%s'\n",

+			       filename, strerror(errno));

 	}

 	free(scontext);

 	close(fd);

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.23/scripts/genhomedircon

--- nsapolicycoreutils/scripts/genhomedircon	1969-12-31 19:00:00.000000000 -0500

+++ policycoreutils-2.0.23/scripts/genhomedircon	2007-08-23 10:08:04.000000000 -0400

@@ -0,0 +1,404 @@

+#! /usr/bin/python -E

+# Copyright (C) 2004 Tresys Technology, LLC

+# see file 'COPYING' for use and warranty information

+#

+# genhomedircon - this script is used to generate file context

+# configuration entries for user home directories based on their

+# default prefixes and is run when building the policy. Specifically, we

+# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with

+# generic and user-specific values.

+#

+# Based off original script by Dan Walsh, <dwalsh@redhat.com>

+#

+# ASSUMPTIONS:

+#

+# The file CONTEXTDIR/files/homedir_template exists.  This file is used to

+# set up the home directory context for each real user.

+# 

+# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user

+#

+# "Real" users (as opposed to system users) are those whose UID is greater than

+#  or equal STARTING_UID (usually 500) and whose login is not a member of

+#  EXCLUDE_LOGINS.  Users who are explicitly defined in CONTEXTDIR/seusers

+#  are always "real" (including root, in the default configuration).

+#

+#  

+

+import sys, os, pwd, string, getopt, re

+from semanage import *;

+import selinux

+import gettext

+gettext.install('policycoreutils')

+

+def grep(file, var):

+	ret = ""

+	fd = open(file, 'r')

+

+	for i in  fd.readlines():

+	    if re.search(var, i, 0) != None:

+	        ret = i

+                break

+	fd.close()

+	return ret

+

+def findval(file, var, delim = ""):

+	val = ""

+	try:

+		fd = open(file, 'r')

+		for i in  fd.readlines():

+			if i.startswith(var) == 1:

+				if delim == "":

+					val = i.split()[1]

+				else:

+					val = i.split(delim)[1]

+				val = val.split("#")[0]

+				val = val.strip()

+		fd.close()

+	except:

+		val = ""

+	return val

+

+def getStartingUID():

+	starting_uid = sys.maxint

+	uid_min =  findval("/etc/login.defs", "UID_MIN")

+	if uid_min != "":

+		uid_min = uid_min.split("#")[0]

+		uid_min = uid_min.strip()

+		if int(uid_min) < starting_uid:

+			starting_uid = int(uid_min)

+

+	uid_min =  findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")

+	if uid_min != "":

+		uid_min = uid_min.split("#")[0]

+		uid_min = uid_min.strip()

+		if int(uid_min) < starting_uid:

+			starting_uid = int(uid_min)

+

+	if starting_uid == sys.maxint:

+		starting_uid = 500

+	return starting_uid

+

+def getDefaultHomeDir():

+	ret = []

+	homedir = findval("/etc/default/useradd", "HOME", "=")

+	if homedir != "" and not homedir in ret:

+		ret.append(homedir)

+	

+	homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")

+	if homedir != "" and not homedir in ret:

+		ret.append(homedir)

+	

+	if ret == []:

+		ret.append("/home")

+

+	# Add /export/home if it exists

+	# Some customers use this for automounted homedirs

+	if os.path.exists("/export/home"):

+		ret.append("/export/home")

+

+	return ret

+

+def getSELinuxType(directory):

+	val = findval(directory+"/config", "SELINUXTYPE", "=")

+	if val != "":

+		return val

+	return "targeted"

+

+def usage(rc=0, error = ""):

+	if error != "":

+		sys.stderr.write("%s\n" % error)

+		rc = 1

+	sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n" % sys.argv[0])

+	sys.stderr.flush()

+	sys.exit(rc)

+

+def warning(warning = ""):

+	sys.stderr.write("%s\n" % warning)

+	sys.stderr.flush()

+	

+def errorExit(error):

+	sys.stderr.write("%s exiting for: " % sys.argv[0])

+	sys.stderr.write("%s\n" % error)

+	sys.stderr.flush()

+	sys.exit(1)

+

+class selinuxConfig:

+	def __init__(self, selinuxdir = "/etc/selinux", type = "targeted", usepwd = 1):

+		self.semanageHandle = semanage_handle_create()

+		self.semanaged = semanage_is_managed(self.semanageHandle)

+		if self.semanaged:

+			rc = semanage_connect(self.semanageHandle)

+			if rc:

+				errorExit("Unable to connect to semanage")

+			(status, self.ulist) = semanage_user_list(self.semanageHandle)

+		self.type = type

+		self.selinuxdir = selinuxdir +"/"

+		self.contextdir = "/contexts"

+		self.filecontextdir = self.contextdir+"/files"

+		self.usepwd = usepwd

+		self.default_user = "user_u"

+		self.default_prefix = "user"

+		self.users = self.getUsers()

+		fd = open(self.getFileContextFile())

+		self.fclines=[]

+		for i in fd.readlines():

+		    try:

+			    regex = i.split()[0]

+			    #match a trailing .+

+			    regex = re.sub("\.+$", "", regex)

+			    regex = re.sub("\.\*$", "", regex)

+			    regex = re.sub("\(\/\.\*\)\?", "", regex)

+			    regex = regex + "/*$"

+			    self.fclines.append(re.compile(regex))

+		    except:

+			    continue

+

+		fd.close()

+		

+	def getFileContextDir(self):

+		return self.selinuxdir+self.type+self.filecontextdir

+

+	def getFileContextFile(self):

+		return self.getFileContextDir()+"/file_contexts"

+	

+	def getContextDir(self):

+		return self.selinuxdir+self.type+self.contextdir

+

+	def getHomeDirTemplate(self):

+		return self.getFileContextDir()+"/homedir_template"

+

+	def getHomeRootContext(self, homedir):

+		ret = ""

+		fd = open(self.getHomeDirTemplate(), 'r')

+

+		for i in  fd.readlines():

+			if i.find("HOME_ROOT") == 0:

+				i = i.replace("HOME_ROOT", homedir)

+				ret += i

+		fd.close()

+		if ret == "":

+			errorExit("No Home Root Context Found")

+		return ret

+

+	def heading(self):

+		ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]

+		if self.semanaged:

+			ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n"

+		else:

+			ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers")

+		return ret

+

+	def get_default_prefix(self, name):

+		for user in self.ulist:

+			if semanage_user_get_name(user) == name:

+				return semanage_user_get_prefix(user)

+		return name

+

+	def get_old_prefix(self, user):

+		rc = grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user)

+		if rc == "":					    

+			rc = grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user)

+		if rc != "":

+			user = rc.split()

+			prefix  =  user[3]

+			if prefix == "{":

+				prefix = user[4]

+		if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"):

+			prefix = prefix[:-2]

+		return prefix

+		

+	def adduser(self, udict, user, seuser, prefix):

+		if seuser == self.default_user or user == "__default__" or user == "system_u":

+			return

+		# !!! chooses first prefix in the list to use in the file context !!!

+		try:

+			home = pwd.getpwnam(user)[5]

+			if home == "/":

+				# Probably install so hard code to /root

+				if user == "root":

+					home = "/root"

+				else:

+					return

+		except KeyError:

+			if user == "root":

+				home = "/root"

+			else:

+				sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)

+				return

+		prefs = {}

+		prefs["seuser"] = seuser

+		prefs["prefix"] = prefix

+		prefs["home"] = home

+		udict[user] = prefs

+			

+	def setDefaultUser(self, user, prefix):

+		self.default_user = user

+		self.default_prefix = prefix

+		

+	def getUsers(self):

+		udict = {}

+		if self.semanaged:

+			(status, list) = semanage_seuser_list(self.semanageHandle)

+			for seuser in list:

+				user = []

+				seusername = semanage_seuser_get_sename(seuser)

+				prefix = self.get_default_prefix(seusername)

+				if semanage_seuser_get_name(seuser) == "__default__":

+					self.setDefaultUser(seusername, prefix)

+

+				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)

+				

+		else:

+			try:

+				fd = open(self.selinuxdir+self.type+"/seusers")

+				for u in  fd.readlines():

+					u = u.strip()

+					if len(u) == 0 or u[0] == "#":

+						continue

+					user = u.split(":")

+					if len(user) < 2:

+						continue

+					

+					prefix = self.get_old_prefix(user[1])

+					self.adduser(udict, user[0], user[1], prefix)

+				fd.close()

+			except IOError, error:

+				# Must be install so force add of root

+				self.adduser(udict, "root", "root", "root")

+

+		return udict

+

+	def getHomeDirContext(self, user, seuser, home, prefix):

+		ret = "\n\n#\n# Home Context for user %s\n#\n\n" % user

+		fd = open(self.getHomeDirTemplate(), 'r')

+		for i in  fd.readlines():

+			if i.startswith("HOME_DIR") == 1:

+				i = i.replace("HOME_DIR", home)

+				i = i.replace("ROLE", prefix)

+				i = i.replace("system_u", seuser)

+				# Validate if the generated context exists.  Some user types may not exist

+				scon = i.split()[-1]

+				if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:

+					ret = ret+i

+		fd.close()

+		return ret

+

+	def getUserContext(self, user, sel_user, prefix):

+		ret = ""

+		fd = open(self.getHomeDirTemplate(), 'r')

+		for i in  fd.readlines():

+			if i.find("USER") > 0:

+				i = i.replace("USER", user)

+				i = i.replace("ROLE", prefix)

+				i = i.replace("system_u", sel_user)

+				ret = ret+i

+		fd.close()

+		return ret

+

+	def genHomeDirContext(self):

+		ret = ""

+		# Fill in HOME and prefix for users that are defined

+		for u in self.users.keys():

+			ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])

+			ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])

+		return ret+"\n"

+

+	def checkExists(self, home):

+		for i in self.fclines:

+		    try:

+			    if i.match(home):

+				    return 1

+		    except:

+			    continue

+		return 0

+

+	def getHomeDirs(self):

+		homedirs = getDefaultHomeDir()

+		starting_uid = getStartingUID()

+		if self.usepwd == 0:

+			return homedirs

+		ulist = pwd.getpwall()

+		for u in ulist:

+			if u[2] >= starting_uid and \

+					u[6] in VALID_SHELLS and \

+					u[5] != "/" and \

+					string.count(u[5], "/") > 1:

+				homedir = u[5][:string.rfind(u[5], "/")]

+				if not homedir in homedirs:

+					if self.checkExists(homedir) == 1:

+						warning("%s homedir %s or its parent directory conflicts with a\ndefined context in %s,\n%s will not create a new context. This usually indicates an incorrectly defined system account.  If it is a system account please make sure its login shell is /sbin/nologin." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))

+					else:

+						homedirs.append(homedir)

+

+		homedirs.sort()

+		return homedirs

+ 

+	def genoutput(self):

+		ret = self.heading()

+		for h in self.getHomeDirs():

+			ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)

+			ret += self.getHomeRootContext(h)

+		ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"

+		ret += self.genHomeDirContext()

+		return ret

+

+	def printout(self):

+		print self.genoutput()

+

+	def write(self):

+		fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w")

+		fd.write(self.genoutput())

+		fd.close()

+

+if os.getuid() > 0 or os.geteuid() > 0:

+	print _("You must be root to run %s.") % sys.argv[0]

+	sys.exit(1)

+

+try:

+	fd = open("/etc/shells", 'r')

+	VALID_SHELLS = fd.read().split("\n")

+	fd.close()

+	if "/sbin/nologin" in VALID_SHELLS:

+		VALID_SHELLS.remove("/sbin/nologin")

+	if "" in VALID_SHELLS:

+		VALID_SHELLS.remove("")

+except:

+	VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']

+

+#

+# This script will generate home dir file context

+# based off the homedir_template file, entries in the password file, and

+#

+try:

+	usepwd = 1

+	directory = "/etc/selinux"

+	type = None

+	gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help',

+						'type=',

+						'nopasswd',

+						'dir='])

+	for o,a in gopts:

+		if o == '--type' or o == "-t":

+			type = a

+		if o == '--nopasswd'  or o == "-n":

+			usepwd = 0

+		if o == '--dir'  or o == "-d":

+			directory = a

+		if o == '--help'  or o == "-h":

+			usage()

+except getopt.error, error:

+	errorExit(_("Options Error %s ") % error)

+

+if type == None:

+	type = getSELinuxType(directory)

+

+if len(cmds) != 0:

+	usage(1)

+

+selconf = selinuxConfig(directory, type, usepwd)

+try:

+	selconf.write()

+except IOError, error:

+	sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))

+	sys.exit(1)

+

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.23/scripts/genhomedircon.8

--- nsapolicycoreutils/scripts/genhomedircon.8	1969-12-31 19:00:00.000000000 -0500

+++ policycoreutils-2.0.23/scripts/genhomedircon.8	2007-08-20 19:16:35.000000000 -0400

@@ -0,0 +1,82 @@

+.\" Hey, Emacs! This is an -*- nroff -*- source file.

+.\" Copyright (c) 2005 Manoj Srivastava <srivasta@debian.org>

+.\"

+.\" This is free documentation; you can redistribute it and/or

+.\" modify it under the terms of the GNU General Public License as

+.\" published by the Free Software Foundation; either version 2 of

+.\" the License, or (at your option) any later version.

+.\"

+.\" The GNU General Public License's references to "object code"

+.\" and "executables" are to be interpreted as the output of any

+.\" document formatting or typesetting system, including

+.\" intermediate and printed output.

+.\"

+.\" This manual is distributed in the hope that it will be useful,

+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of

+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+.\" GNU General Public License for more details.

+.\"

+.\" You should have received a copy of the GNU General Public

+.\" License along with this manual; if not, write to the Free

+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,

+.\" USA.

+.\"

+.\"

+.TH GENHOMEDIRCON "8" "January 2005" "Security Enhanced Linux" ""

+.SH NAME

+genhomedircon \- generate SELinux file context configuration entries for user home directories 

+.SH SYNOPSIS

+.B genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h]

+

+.SH OPTIONS

+.TP

+.B "\-h"

+Print a short usage message

+.TP

+.B "\-d selinuxdir (\-\-directory)"

+Directory where selinux files are installed defaults to /etc/selinux

+.TP

+.B 

+\-n \-\-nopasswd

+Indicates to the utility not to read homedirectories out of the password database.  

+.TP

+\-t selinuxtype (\-\-type)

+Indicates the selinux type of this install.  Defaults to "targeted".

+.SH DESCRIPTION

+.PP

+This utility is used to generate file context configuration entries for 

+user home directories based on their 

+.B prefix 

+entry in the the 

+.B semanage user record.  

+genhomedircon is run when building 

+the policy. It is also run automaticaly when ever the 

+.B semanage 

+utility modifies 

+.B user

+or

+.B login

+records.

+Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the 

+.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template 

+file with generic and user-specific values.  HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located.  Defaults to /home. ROLE is replaced based on the prefix entry in the 

+.B user

+record.

+.PP 

+genhomedircon searches through all password entires for all "login" user home directories, (as opposed

+to system users).  Login users are those whose UID is greater than or equal 

+.I STARTING_UID

+(default 500) and whose login shell is not "/sbin/nologin", or

+"/bin/false". 

+.PP 

+.SH AUTHOR

+This manual page was originally written by 

+.I Manoj Srivastava <srivasta@debian.org>,

+for the Debian GNU/Linux system, based on the comments and the code

+in the utility, and then updated by Dan Walsh of Red Hat. The 

+.B genhomedircon

+utility was originally written by 

+.I Dan Walsh of Red Hat 

+with some modifications by 

+.I Tresys Technology, LLC.

+

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.23/scripts/Makefile

--- nsapolicycoreutils/scripts/Makefile	2007-08-23 16:52:26.000000000 -0400

+++ policycoreutils-2.0.23/scripts/Makefile	2007-08-20 19:16:35.000000000 -0400

@@ -5,14 +5,18 @@

 MANDIR ?= $(PREFIX)/share/man

 LOCALEDIR ?= /usr/share/locale

-all: fixfiles

+TARGETS=genhomedircon 

+

+all: $(TARGETS) fixfiles

 install: all

 	-mkdir -p $(BINDIR)

+	install -m 755 $(TARGETS) $(SBINDIR)

 	install -m 755 chcat $(BINDIR)

 	install -m 755 fixfiles $(DESTDIR)/sbin

 	-mkdir -p $(MANDIR)/man8

 	install -m 644 fixfiles.8 $(MANDIR)/man8/

+	install -m 644 genhomedircon.8 $(MANDIR)/man8/

 	install -m 644 chcat.8 $(MANDIR)/man8/

 clean:

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.23/semanage/seobject.py

--- nsapolicycoreutils/semanage/seobject.py	2007-07-16 14:20:41.000000000 -0400

+++ policycoreutils-2.0.23/semanage/seobject.py	2007-08-22 16:29:22.000000000 -0400

@@ -210,6 +210,7 @@

 		os.write(fd, self.out())

 		os.close(fd)

 		os.rename(newfilename, self.filename)

+                os.system("/sbin/service mcstrans reload > /dev/null")

 class semanageRecords:

 	def __init__(self):

@@ -1024,14 +1025,31 @@

 	def __init__(self):

 		semanageRecords.__init__(self)

-	def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):

+        def createcon(self, target, seuser = "system_u"):

+                (rc, con) = semanage_context_create(self.sh)

+                if rc < 0:

+                       raise ValueError(_("Could not create context for %s") % target)

 		if seuser == "":

 			seuser = "system_u"

+

+                rc = semanage_context_set_user(self.sh, con, seuser)

+                if rc < 0:

+                       raise ValueError(_("Could not set user in file context for %s") % target)

+		

+                rc = semanage_context_set_role(self.sh, con, "object_r")

+                if rc < 0:

+                       raise ValueError(_("Could not set role in file context for %s") % target)

+

 		if is_mls_enabled == 1:

-			if serange == "":

-				serange = "s0"

-			else:

-				serange = untranslate(serange)

+                       rc = semanage_context_set_mls(self.sh, con, "s0")

+                       if rc < 0:

+                              raise ValueError(_("Could not set mls fields in file context for %s") % target)

+

+                return con

+               

+	def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):

+		if is_mls_enabled == 1:

+                       serange = untranslate(serange)

 		if type == "":

 			raise ValueError(_("SELinux Type is required"))

@@ -1051,33 +1069,23 @@

 			raise ValueError(_("Could not create file context for %s") % target)

 		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)

-		(rc, con) = semanage_context_create(self.sh)

-		if rc < 0:

-			raise ValueError(_("Could not create context for %s") % target)

-

-		rc = semanage_context_set_user(self.sh, con, seuser)

-		if rc < 0:

-			raise ValueError(_("Could not set user in file context for %s") % target)

-		

-		rc = semanage_context_set_role(self.sh, con, "object_r")

-		if rc < 0:

-			raise ValueError(_("Could not set role in file context for %s") % target)

-

-		rc = semanage_context_set_type(self.sh, con, type)

-		if rc < 0:

-			raise ValueError(_("Could not set type in file context for %s") % target)

+                if type != "<<none>>":

+                       con = self.createcon(target, seuser)

-		if serange != "":

-			rc = semanage_context_set_mls(self.sh, con, serange)

-			if rc < 0:

-				raise ValueError(_("Could not set mls fields in file context for %s") % target)

+                       rc = semanage_context_set_type(self.sh, con, type)

+                       if rc < 0:

+                              raise ValueError(_("Could not set type in file context for %s") % target)

+

+                       if serange != "":

+                              rc = semanage_context_set_mls(self.sh, con, serange)

+                              if rc < 0:

+                                     raise ValueError(_("Could not set mls fields in file context for %s") % target)

+                       rc = semanage_fcontext_set_con(self.sh, fcontext, con)

+                       if rc < 0:

+                              raise ValueError(_("Could not set file context for %s") % target)

 		semanage_fcontext_set_type(fcontext, file_types[ftype])

-		rc = semanage_fcontext_set_con(self.sh, fcontext, con)

-		if rc < 0:

-			raise ValueError(_("Could not set file context for %s") % target)

-

 		rc = semanage_begin_transaction(self.sh)

 		if rc < 0:

 			raise ValueError(_("Could not start semanage transaction"))

@@ -1090,7 +1098,8 @@

 		if rc < 0:

 			raise ValueError(_("Could not add file context for %s") % target)

-		semanage_context_free(con)

+                if type != "<<none>>":

+                       semanage_context_free(con)

 		semanage_fcontext_key_free(k)

 		semanage_fcontext_free(fcontext)

@@ -1112,16 +1121,29 @@

 		if rc < 0:

 			raise ValueError(_("Could not query file context for %s") % target)

-		con = semanage_fcontext_get_con(fcontext)

+                if setype != "<<none>>":

+                       con = semanage_fcontext_get_con(fcontext)

-		if serange != "":

-			semanage_context_set_mls(self.sh, con, untranslate(serange))

-		if seuser != "":

-			semanage_context_set_user(self.sh, con, seuser)	

-		if setype != "":

-			semanage_context_set_type(self.sh, con, setype)

-

-		rc = semanage_begin_transaction(self.sh)

+                       if con == None:

+                              con = self.createcon(target)

+                              

+                       if serange != "":

+                              semanage_context_set_mls(self.sh, con, untranslate(serange))

+                       if seuser != "":

+                              semanage_context_set_user(self.sh, con, seuser)

+                              

+                       if setype != "":

+                              semanage_context_set_type(self.sh, con, setype)

+

+                       rc = semanage_fcontext_set_con(self.sh, fcontext, con)

+                       if rc < 0:

+                              raise ValueError(_("Could not set file context for %s") % target)

+                else:

+                       rc = semanage_fcontext_set_con(self.sh, fcontext, None)

+                       if rc < 0:

+                              raise ValueError(_("Could not set file context for %s") % target)

+                       

+                rc = semanage_begin_transaction(self.sh)

 		if rc < 0:

 			raise ValueError(_("Could not start semanage transaction"))

@@ -1283,9 +1305,12 @@

 			raise ValueError(_("Could not list booleans"))

 		for boolean in self.blist:

-			name = semanage_bool_get_name(boolean)

-			value = semanage_bool_get_value(boolean)

-			ddict[name] = value

+                       value = []

+                       name = semanage_bool_get_name(boolean)

+                       value[0] = semanage_bool_get_value(boolean)

+                       value[1] = selinux.security_get_boolean_pending(boolean)

+                       value[2] = selinux.security_get_boolean_active(boolean)

+                       ddict[name] = value

 		return ddict

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.23/semodule/semodule.8

--- nsapolicycoreutils/semodule/semodule.8	2007-07-16 14:20:42.000000000 -0400