From b6a1a954f52fe685bf82200b731d022d7c2d6924 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 10 Apr 2009 19:17:47 -0400
Subject: [PATCH] Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: patch to policycoreutils Date: Wed, 01 Apr 2009 10:10:43 -0400 Multiple patches to policycoreutils. First added /root/.ssh and /root/.ssh/* to allow people to place keys in /root directory and have them labeled by restorcond Clean up permissive domains creation in semanage so it does not leave crap in /var/lib/selinux --- Also have fixfiles operate recursively when in RPM mode, per: Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Re: patch to policycoreutils Date: Wed, 22 Apr 2009 21:50:48 -0400 If a package owned a directory like /var/lib/libvirt/images, when it is relabeling we would want it to relabel not only the directory but the contents of the directory
Signed-off-by: Chad Sellers
---
policycoreutils/restorecond/restorecond.conf | 4 ++++
policycoreutils/scripts/fixfiles | 2 +-
policycoreutils/semanage/seobject.py | 12 ++++++++----
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
index 6dff5a1d..3fc9376a 100644
--- a/policycoreutils/restorecond/restorecond.conf
+++ b/policycoreutils/restorecond/restorecond.conf
@@ -5,3 +5,7 @@
 /var/run/utmp
 /var/log/wtmp
 ~/*
+/root/.ssh
+/root/.ssh/*
+
+
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index ccd63655..31f96d1c 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -122,7 +122,7 @@ if [ ! -z "$PREFC" ]; then
 fi
 if [ ! -z "$RPMFILES" ]; then
 for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
 done
 exit $?
 fi
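Review bot: Adding `-R` on the `rpmlist $i | ${RESTORECON} ... -R -i -f -` line of the fixfiles hunk widens the relabel from the paths the package lists to everything beneath any directory among them, so a package that owns a broad directory would presumably trigger a relabel of unrelated files under it; a comment stating that this is intended, or a filter on such directories, would make the scope explicit. `rpmlist` is defined outside the hunk, so what it emits is not visible here. On the same line `2>&1 >> $LOGFILE` duplicates stderr onto the original stdout before stdout is redirected, so restorecon errors never reach the log; `>> "$LOGFILE" 2>&1` would capture both. `exit $?` after the loop reports only the last package's status.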
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 07c119ce..20bd2059 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -339,6 +339,7 @@ class permissiveRecords(semanageRecords):
 def add(self, type):
+ import glob
 name = "permissive_%s" % type
 dirname = "/var/lib/selinux"
 os.chdir(dirname)
@@ -362,16 +363,19 @@ permissive %s;
 fd.close()
 rc = semanage_module_install(self.sh, data, len(data));
- if rc < 0:
- raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
-
- self.commit()
+ if rc >= 0:
+ self.commit()
 for root, dirs, files in os.walk("tmp", topdown=False):
 for name in files:
 os.remove(os.path.join(root, name))
 for name in dirs:
 os.rmdir(os.path.join(root, name))
+ os.removedirs("tmp")
+ for i in glob.glob("permissive_%s.*" % type):
+ os.remove(i)
+ if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
 def delete(self, name):
 for n in name.split():
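Review bot: In the second seobject.py hunk the `raise ValueError(... % name)` now runs after the `os.walk` cleanup, whose loops `for name in files:` and `for name in dirs:` rebind `name`, so whenever `tmp` held anything the error message names the last removed entry instead of the `permissive_<type>` module. Renaming the loop variables, e.g. `for fname in files:` and `for dname in dirs:`, keeps the message correct. The cleanup is also skipped if `semanage_module_install` or `self.commit()` raises, so wrapping the install and commit in `try:` with the removals under `finally:` would cover that path as well. `add` begins in the previous hunk and indentation is lost on this page, so the nesting of the added lines is inferred.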