authorNicolas Iooss2015-09-05 10:44:22 +0200
committerNicolas Iooss2015-09-05 10:44:22 +0200
commit80aa37c5548018c8d907a1c5e855090cca44bc1a (patch)
tree7e83150738a0fb759194676cbf0726a5d571c959
parentc08d363859bb1d7f2c7de6f08ac5c5e17030dc45 (diff)
downloadaur-80aa37c5548018c8d907a1c5e855090cca44bc1a.tar.gz
libsemanage 2.4-2 update
* Backport upstream patches which fix bugs reported by Gentoo developers * Add missing makedepends
-rw-r--r--.SRCINFO17
-rw-r--r--0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch213
-rw-r--r--0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch318
-rw-r--r--0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch265
-rw-r--r--0004-libsemanage-save-homedir_template-in-the-policy-stor.patch54
-rw-r--r--0005-libsemanage-store-users_extra-in-the-policy-store.patch57
-rw-r--r--PKGBUILD31
7 files changed, 949 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 9c3e876f54d1..98eaecd85b9d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = libsemanage
pkgdesc = SELinux binary policy manipulation library
pkgver = 2.4
- pkgrel = 1
+ pkgrel = 2
url = http://userspace.selinuxproject.org
install = libsemanage.install
arch = i686
@@ -9,18 +9,31 @@ pkgbase = libsemanage
groups = selinux
license = GPL
makedepends = flex
+ makedepends = python2
+ makedepends = python
+ makedepends = swig
depends = ustr
depends = libselinux>=2.4
depends = audit
optdepends = python2: python2 bindings
optdepends = python: python bindings
- provides = selinux-usr-libsemanage=2.4-1
+ provides = selinux-usr-libsemanage=2.4-2
conflicts = selinux-usr-libsemanage
options = !emptydirs
source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/libsemanage-2.4.tar.gz
source = semanage.conf
+ source = 0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
+ source = 0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
+ source = 0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
+ source = 0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
+ source = 0005-libsemanage-store-users_extra-in-the-policy-store.patch
sha256sums = 1a4cace4ef16786531ec075c0e7b2f961e2fee5dc86c5f983a689058899a6484
sha256sums = 5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0
+ sha256sums = 61a768144b740104fb2c17b6c15f10a207c0fa42d5faa611237f1df6b0a9c835
+ sha256sums = 3ac9a961efde8cbc091688ca3e42058baf37919b572abd96d0a8f8167f4f283c
+ sha256sums = 0324cfc186b09b748c74a64c74f9990dc7ee5497b8d450d4146f8fc73d6a710c
+ sha256sums = bb83007a0cee3e2f3193c4935b2956e9c1894d08146c36a72505248e22c158cf
+ sha256sums = 3497602b0b5095c08711fd922160b9bdefdb74dff39910b2cddf8480795580bb
pkgname = libsemanage
diff --git a/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch b/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
new file mode 100644
index 000000000000..35924370cdf9
--- /dev/null
+++ b/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
@@ -0,0 +1,213 @@
+From c79e3964b33fdb170bba900ba1f3c040f5f70312 Mon Sep 17 00:00:00 2001
+From: Jason Zaman <jason@perfinion.com>
+Date: Wed, 22 Apr 2015 23:05:48 +0400
+Subject: [PATCH 1/5] libsemanage: do not copy contexts in
+ semanage_migrate_store
+
+The modules from the old store were previously copied to the new one
+using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
+about the new policy location[1], copying the contexts is redundant.
+
+More importantly, the setcreatefscon caused a constraint violation[2]
+which made the migration fail. In python3, shutil.copy2() copies xattrs
+as well which again causes problems. shutil.copy() is enough for our
+needs here as it will copy the file and permissions in both py2 and 3.
+We do not need the extra things that copy2() does (mtime, xattr, etc).
+
+[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html
+
+[2]
+type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
+ constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
+allow semanage_t semanage_store_t:dir create;
+
+Signed-off-by: Jason Zaman <jason@perfinion.com>
+Acked-by: Steve Lawrence <slawrence@tresys.com>
+
+Changes from v1:
+ - Changed some methods to not take a src param anymore.
+---
+ libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------
+ 1 file changed, 18 insertions(+), 59 deletions(-)
+
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 03b492e05cbb..2f85e9c561ae 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -8,7 +8,6 @@ import shutil
+ import sys
+ from optparse import OptionParser
+
+-import bz2
+ import ctypes
+
+ sepol = ctypes.cdll.LoadLibrary('libsepol.so')
+@@ -21,41 +20,20 @@ except:
+ exit(1)
+
+
+-
+-
+-# For some reason this function doesn't exist in libselinux :\
+-def copy_with_context(src, dst):
++def copy_file(src, dst):
+ if DEBUG:
+ print("copying %s to %s" % (src, dst))
+ try:
+- con = selinux.lgetfilecon_raw(src)[1]
+- except:
+- print("Could not get file context of %s" % src, file=sys.stderr)
+- exit(1)
+-
+- try:
+- selinux.setfscreatecon_raw(con)
+- except:
+- print("Could not set fs create context: %s" %con, file=sys.stderr)
+- exit(1)
+-
+- try:
+- shutil.copy2(src, dst)
++ shutil.copy(src, dst)
+ except OSError as the_err:
+ (err, strerr) = the_err.args
+ print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
+ exit(1)
+
+- try:
+- selinux.setfscreatecon_raw(None)
+- except:
+- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+
+-def create_dir_from(src, dst, mode):
++def create_dir(dst, mode):
+ if DEBUG: print("Making directory %s" % dst)
+ try:
+- con = selinux.lgetfilecon_raw(src)[1]
+- selinux.setfscreatecon_raw(con)
+ os.makedirs(dst, mode)
+ except OSError as the_err:
+ (err, stderr) = the_err.args
+@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode):
+ print("Error creating %s" % dst, file=sys.stderr)
+ exit(1)
+
+- try:
+- selinux.setfscreatecon_raw(None)
+- except:
+- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+
+-def create_file_from(src, dst):
++def create_file(dst):
+ if DEBUG: print("Making file %s" % dst)
+ try:
+- con = selinux.lgetfilecon_raw(src)[1]
+- selinux.setfscreatecon_raw(con)
+ open(dst, 'a').close()
+ except OSError as the_err:
+ (err, stderr) = the_err.args
+ print("Error creating %s" % dst, file=sys.stderr)
+ exit(1)
+
+- try:
+- selinux.setfscreatecon_raw(None)
+- except:
+- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+
+-def copy_module(store, name, con, base):
++def copy_module(store, name, base):
+ if DEBUG: print("Install module %s" % name)
+ (file, ext) = os.path.splitext(name)
+ if ext != ".pp":
+@@ -94,8 +62,6 @@ def copy_module(store, name, con, base):
+ print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
+ return
+ try:
+- selinux.setfscreatecon_raw(con)
+-
+ if base:
+ root = oldstore_path(store)
+ else:
+@@ -105,7 +71,7 @@ def copy_module(store, name, con, base):
+
+ os.mkdir("%s/%s" % (bottomdir, file))
+
+- copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
++ copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
+
+ # This is the ext file that will eventually be used to choose a compiler
+ efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
+@@ -116,15 +82,11 @@ def copy_module(store, name, con, base):
+ print("Error installing module %s" % name, file=sys.stderr)
+ exit(1)
+
+- try:
+- selinux.setfscreatecon_raw(None)
+- except:
+- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+
+-def disable_module(file, root, name, disabledmodules):
++def disable_module(file, name, disabledmodules):
+ if DEBUG: print("Disabling %s" % name)
+ (disabledname, disabledext) = os.path.splitext(file)
+- create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
++ create_file("%s/%s" % (disabledmodules, disabledname))
+
+ def migrate_store(store):
+
+@@ -138,17 +100,14 @@ def migrate_store(store):
+ print("Migrating from %s to %s" % (oldstore, newstore))
+
+ # Build up new directory structure
+- create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755)
+- create_dir_from(oldstore, newstore, 0o700)
+- create_dir_from(oldstore, newmodules, 0o700)
+- create_dir_from(oldstore, bottomdir, 0o700)
+- create_dir_from(oldstore, disabledmodules, 0o700)
+-
+- # use whatever the file context of bottomdir is for the module directories
+- con = selinux.lgetfilecon_raw(bottomdir)[1]
++ create_dir("%s/%s" % (newroot_path(), store), 0o755)
++ create_dir(newstore, 0o700)
++ create_dir(newmodules, 0o700)
++ create_dir(bottomdir, 0o700)
++ create_dir(disabledmodules, 0o700)
+
+ # Special case for base since it was in a different location
+- copy_module(store, "base.pp", con, 1)
++ copy_module(store, "base.pp", 1)
+
+ # Dir structure built, start copying files
+ for root, dirs, files in os.walk(oldstore):
+@@ -161,7 +120,7 @@ def migrate_store(store):
+ newname = "seusers.local"
+ else:
+ newname = name
+- copy_with_context(os.path.join(root, name), os.path.join(newstore, newname))
++ copy_file(os.path.join(root, name), os.path.join(newstore, newname))
+
+ elif root == oldmodules:
+ # This should be the modules directory
+@@ -171,9 +130,9 @@ def migrate_store(store):
+ print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
+ exit(1)
+ elif ext == ".disabled":
+- disable_module(file, root, name, disabledmodules)
++ disable_module(file, name, disabledmodules)
+ else:
+- copy_module(store, name, con, 0)
++ copy_module(store, name, 0)
+
+ def rebuild_policy():
+ # Ok, the modules are loaded, lets try to rebuild the policy
+@@ -287,7 +246,7 @@ if __name__ == "__main__":
+ "preserve_tunables" ]
+
+
+- create_dir_from(oldroot_path(), newroot_path(), 0o755)
++ create_dir(newroot_path(), 0o755)
+
+ stores = None
+ if TYPE is not None:
+--
+2.5.1
+
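Review bot: In `copy_file`, the new `shutil.copy(src, dst)` call is guarded only by `except OSError`, but on Python 2 (which the commit message says is still supported) shutil raises `IOError` for open, read and write failures, and `IOError` is not an `OSError` subclass there. A failed copy during migration would then end in a traceback instead of the intended message and `exit(1)`; widening the handler to `except (IOError, OSError) as the_err:` covers both interpreters. Separately, with the context copying removed, the labels of the new store depend entirely on the loaded policy carrying the rules the commit message refers to. A comment above `copy_file` such as `# No context is copied: labels of the new store come from the loaded policy` would record that assumption for anyone migrating with an older policy.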
diff --git a/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch b/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
new file mode 100644
index 000000000000..af255c95f26b
--- /dev/null
+++ b/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
@@ -0,0 +1,318 @@
+From 24feb06f1620de854f7ac7ec9b86b004c155f489 Mon Sep 17 00:00:00 2001
+From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+Date: Thu, 2 Jul 2015 09:27:36 -0400
+Subject: [PATCH 2/5] libsemanage: Add policy binary and file_contexts.local to
+ the store
+
+This patch writes policy.kern and file_contexts.local to the policy store as
+well as /etc/selinux/. Additionally, policy.kern and file_contexts.local
+are now parsed from the store rather than the final directory which was
+the old behavior. This allows all policy related files to be kept in the
+policy store.
+
+This patch also renames /var/lib/selinux/tmp to 'final' and changes
+policy.kern in the store to longer be a symlink.
+
+Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+---
+ libsemanage/src/booleans_policydb.c | 6 ++--
+ libsemanage/src/direct_api.c | 33 +++++++++++++++----
+ libsemanage/src/interfaces_policydb.c | 6 ++--
+ libsemanage/src/nodes_policydb.c | 6 ++--
+ libsemanage/src/ports_policydb.c | 6 ++--
+ libsemanage/src/semanage_store.c | 55 ++++++++++++++++++++++++--------
+ libsemanage/src/semanage_store.h | 5 +++
+ libsemanage/src/users_base_policydb.c | 6 ++--
+ libsemanage/utils/semanage_migrate_store | 3 +-
+ 9 files changed, 86 insertions(+), 40 deletions(-)
+
+diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
+index 74af2a3300e3..6869d6cd0417 100644
+--- a/libsemanage/src/booleans_policydb.c
++++ b/libsemanage/src/booleans_policydb.c
+@@ -55,10 +55,8 @@ int bool_policydb_dbase_init(semanage_handle_t * handle,
+ {
+
+ if (dbase_policydb_init(handle,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_KERNEL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ &SEMANAGE_BOOL_RTABLE,
+ &SEMANAGE_BOOL_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index b0ed3388e27b..820d351c90ae 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -196,10 +196,8 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ goto err;
+
+ if (fcontext_file_dbase_init(sh,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_FC_LOCAL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_FC_LOCAL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_LOCAL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
+ semanage_fcontext_dbase_local(sh)) < 0)
+ goto err;
+
+@@ -959,7 +957,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ size_t fc_buffer_len = 0;
+ const char *ofilename = NULL;
+ const char *path;
+- int retval = -1, num_modinfos = 0, i;
++ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
+ sepol_policydb_t *out = NULL;
+ struct cil_db *cildb = NULL;
+ semanage_module_info_t *modinfos = NULL;
+@@ -1061,8 +1059,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ modified |= dontaudit_modified;
+ modified |= preserve_tunables_modified;
+
++ /* This is for systems that have already migrated with an older version
++ * of semanage_migrate_store. The older version did not copy policy.kern so
++ * the policy binary must be rebuilt here.
++ */
++ if (!sh->do_rebuild && !modified) {
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
++
++ if (access(path, F_OK) != 0) {
++ missing_policy_kern = 1;
++ }
++ }
++
+ /* If there were policy changes, or explicitly requested, rebuild the policy */
+- if (sh->do_rebuild || modified) {
++ if (sh->do_rebuild || modified || missing_policy_kern) {
+ /* =================== Module expansion =============== */
+
+ retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
+@@ -1222,6 +1232,17 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ if (retval < 0)
+ goto cleanup;
+
++ retval = semanage_copy_policydb(sh);
++ if (retval < 0)
++ goto cleanup;
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
++ if (access(path, F_OK) == 0) {
++ retval = semanage_copy_fc_local(sh);
++ if (retval < 0)
++ goto cleanup;
++ }
++
+ /* run genhomedircon if its enabled, this should be the last operation
+ * which requires the out policydb */
+ if (!sh->conf->disable_genhomedircon) {
+diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c
+index 6a42eedf32bf..552ce7d50c5c 100644
+--- a/libsemanage/src/interfaces_policydb.c
++++ b/libsemanage/src/interfaces_policydb.c
+@@ -51,10 +51,8 @@ int iface_policydb_dbase_init(semanage_handle_t * handle,
+ {
+
+ if (dbase_policydb_init(handle,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_KERNEL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ &SEMANAGE_IFACE_RTABLE,
+ &SEMANAGE_IFACE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c
+index 56012fbf1c64..7224f0084758 100644
+--- a/libsemanage/src/nodes_policydb.c
++++ b/libsemanage/src/nodes_policydb.c
+@@ -50,10 +50,8 @@ int node_policydb_dbase_init(semanage_handle_t * handle,
+ {
+
+ if (dbase_policydb_init(handle,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_KERNEL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ &SEMANAGE_NODE_RTABLE,
+ &SEMANAGE_NODE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c
+index b9600f056aad..37d7deb2735c 100644
+--- a/libsemanage/src/ports_policydb.c
++++ b/libsemanage/src/ports_policydb.c
+@@ -50,10 +50,8 @@ int port_policydb_dbase_init(semanage_handle_t * handle,
+ {
+
+ if (dbase_policydb_init(handle,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_KERNEL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ &SEMANAGE_PORT_RTABLE,
+ &SEMANAGE_PORT_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 6051691bbb2f..2856aaf25685 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -110,10 +110,12 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ "/disable_dontaudit",
+ "/preserve_tunables",
+ "/modules/disabled",
++ "/policy.kern",
++ "/file_contexts.local"
+ };
+
+ static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
+- "/tmp",
++ "/final",
+ "",
+ };
+
+@@ -943,9 +945,7 @@ int semanage_make_final(semanage_handle_t *sh)
+ goto cleanup;
+ }
+
+- /* Copy in exported databases.
+- * i = 1 to avoid copying the top level directory.
+- */
++ // Build final directory structure
+ int i;
+ for (i = 1; i < SEMANAGE_FINAL_PATH_NUM; i++) {
+ if (strlen(semanage_final_path(SEMANAGE_FINAL_TMP, i)) >= sizeof(fn)) {
+@@ -959,12 +959,6 @@ int semanage_make_final(semanage_handle_t *sh)
+ status = -1;
+ goto cleanup;
+ }
+-
+- semanage_copy_file(
+- semanage_final_path(SEMANAGE_FINAL_SELINUX, i),
+- semanage_final_path(SEMANAGE_FINAL_TMP, i),
+- sh->conf->file_mode);
+- /* ignore errors, these files may not exist */
+ }
+
+ cleanup:
+@@ -2019,8 +2013,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
+ FILE *infile = NULL;
+
+ if ((kernel_filename =
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL)) == NULL) {
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL)) == NULL) {
+ goto cleanup;
+ }
+ if ((infile = fopen(kernel_filename, "r")) == NULL) {
+@@ -2061,7 +2054,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
+ FILE *outfile = NULL;
+
+ if ((kernel_filename =
+- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL)) == NULL) {
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) {
+ goto cleanup;
+ }
+ if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+@@ -2921,3 +2914,39 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+
+ return 0;
+ }
++
++int semanage_copy_policydb(semanage_handle_t *sh)
++{
++ const char *src = NULL;
++ const char *dst = NULL;
++ int rc = -1;
++
++ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
++ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
++
++ rc = semanage_copy_file(src, dst, sh->conf->file_mode);
++ if (rc != 0) {
++ goto cleanup;
++ }
++
++cleanup:
++ return rc;
++}
++
++int semanage_copy_fc_local(semanage_handle_t *sh)
++{
++ const char *src = NULL;
++ const char *dst = NULL;
++ int rc = -1;
++
++ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
++ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
++
++ rc = semanage_copy_file(src, dst, sh->conf->file_mode);
++ if (rc != 0) {
++ goto cleanup;
++ }
++
++cleanup:
++ return rc;
++}
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index 62c7079be12c..ade43f261ee0 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -55,6 +55,8 @@ enum semanage_sandbox_defs {
+ SEMANAGE_DISABLE_DONTAUDIT,
+ SEMANAGE_PRESERVE_TUNABLES,
+ SEMANAGE_MODULES_DISABLED,
++ SEMANAGE_STORE_KERNEL,
++ SEMANAGE_STORE_FC_LOCAL,
+ SEMANAGE_STORE_NUM_PATHS
+ };
+
+@@ -148,4 +150,7 @@ int semanage_nc_sort(semanage_handle_t * sh,
+ size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len);
+
++int semanage_copy_policydb(semanage_handle_t *sh);
++int semanage_copy_fc_local(semanage_handle_t *sh);
++
+ #endif
+diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c
+index 0a6ab9cde09e..b42279c86fcd 100644
+--- a/libsemanage/src/users_base_policydb.c
++++ b/libsemanage/src/users_base_policydb.c
+@@ -50,10 +50,8 @@ int user_base_policydb_dbase_init(semanage_handle_t * handle,
+ {
+
+ if (dbase_policydb_init(handle,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_KERNEL),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_KERNEL),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ &SEMANAGE_USER_BASE_RTABLE,
+ &SEMANAGE_USER_BASE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 2f85e9c561ae..b170edad3927 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -243,7 +243,8 @@ if __name__ == "__main__":
+ "users.local",
+ "users_extra.local",
+ "disable_dontaudit",
+- "preserve_tunables" ]
++ "preserve_tunables",
++ "policy.kern" ]
+
+
+ create_dir(newroot_path(), 0o755)
+--
+2.5.1
+
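Review bot: The new `access(path, F_OK) != 0` test in `semanage_direct_commit` treats every failure as "policy.kern is missing", so a permission or I/O error, or a NULL return from `semanage_path()` (which `semanage_read_policydb` in this same patch does check for), silently becomes a full policy rebuild. Setting `missing_policy_kern = 1` only when `errno == ENOENT`, and failing on any other error, would keep real store problems visible. The later `access(path, F_OK) == 0` guard before copying `file_contexts.local` has the mirror-image problem: any error skips the copy without a message, when calling `semanage_copy_file` directly and tolerating only a missing source would avoid the check-then-use gap. The same pattern is repeated for `file_contexts` and `seusers` in patch 0003. The function body starts and ends outside these hunks, so the value of `retval` at that point should be confirmed before reusing the `cleanup` path.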
diff --git a/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch b/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
new file mode 100644
index 000000000000..fdcfd87e6fc0
--- /dev/null
+++ b/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
@@ -0,0 +1,265 @@
+From b404a9391485a9642561ff48f1af4310c9054b50 Mon Sep 17 00:00:00 2001
+From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+Date: Tue, 21 Jul 2015 15:08:15 -0400
+Subject: [PATCH 3/5] libsemanage: Add file_contexts and seusers to the store
+
+This patch writes file_contexts and seusers to the policy store as well as
+/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the
+store rather than the final directory which was the old behavior. This allows
+all policy related files to be kept in the policy store.
+
+Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+---
+ libsemanage/src/direct_api.c | 69 +++++++++++++++++++++++++-------
+ libsemanage/src/semanage_store.c | 49 ++++-------------------
+ libsemanage/src/semanage_store.h | 5 ++-
+ libsemanage/utils/semanage_migrate_store | 3 +-
+ 4 files changed, 66 insertions(+), 60 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 820d351c90ae..fa4e0eed0603 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -248,18 +248,14 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ goto err;
+
+ if (fcontext_file_dbase_init(sh,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_FC),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_FC),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ semanage_fcontext_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (seuser_file_dbase_init(sh,
+- semanage_final_path(SEMANAGE_FINAL_SELINUX,
+- SEMANAGE_SEUSERS),
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_SEUSERS),
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_SEUSERS),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
+ semanage_seuser_dbase_policy(sh)) < 0)
+ goto err;
+
+@@ -578,7 +574,7 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
+ }
+
+ if (size > 0) {
+- ofilename = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS);
++ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
+ if (ofilename == NULL) {
+ return -1;
+ }
+@@ -957,7 +953,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ size_t fc_buffer_len = 0;
+ const char *ofilename = NULL;
+ const char *path;
+- int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
++ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0,
++ missing_seusers = 0, missing_fc = 0, missing = 0;
+ sepol_policydb_t *out = NULL;
+ struct cil_db *cildb = NULL;
+ semanage_module_info_t *modinfos = NULL;
+@@ -1069,10 +1066,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ if (access(path, F_OK) != 0) {
+ missing_policy_kern = 1;
+ }
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
++
++ if (access(path, F_OK) != 0) {
++ missing_fc = 1;
++ }
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
++
++ if (access(path, F_OK) != 0) {
++ missing_seusers = 1;
++ }
+ }
+
++ missing |= missing_policy_kern;
++ missing |= missing_fc;
++ missing |= missing_seusers;
++
+ /* If there were policy changes, or explicitly requested, rebuild the policy */
+- if (sh->do_rebuild || modified || missing_policy_kern) {
++ if (sh->do_rebuild || modified || missing) {
+ /* =================== Module expansion =============== */
+
+ retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
+@@ -1232,15 +1245,41 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ if (retval < 0)
+ goto cleanup;
+
+- retval = semanage_copy_policydb(sh);
+- if (retval < 0)
++ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL),
++ sh->conf->file_mode);
++ if (retval < 0) {
+ goto cleanup;
++ }
+
+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
+ if (access(path, F_OK) == 0) {
+- retval = semanage_copy_fc_local(sh);
+- if (retval < 0)
++ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
++ sh->conf->file_mode);
++ if (retval < 0) {
+ goto cleanup;
++ }
++ }
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
++ if (access(path, F_OK) == 0) {
++ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
++ sh->conf->file_mode);
++ if (retval < 0) {
++ goto cleanup;
++ }
++ }
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
++ if (access(path, F_OK) == 0) {
++ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
++ sh->conf->file_mode);
++ if (retval < 0) {
++ goto cleanup;
++ }
+ }
+
+ /* run genhomedircon if its enabled, this should be the last operation
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 2856aaf25685..fa0876fa840d 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -111,7 +111,9 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ "/preserve_tunables",
+ "/modules/disabled",
+ "/policy.kern",
+- "/file_contexts.local"
++ "/file_contexts.local",
++ "/file_contexts",
++ "/seusers"
+ };
+
+ static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
+@@ -666,7 +668,7 @@ static int semanage_filename_select(const struct dirent *d)
+
+ /* Copies a file from src to dst. If dst already exists then
+ * overwrite it. Returns 0 on success, -1 on error. */
+-static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
++int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+ {
+ int in, out, retval = 0, amount_read, n, errsv = errno;
+ char tmp[PATH_MAX];
+@@ -1425,11 +1427,11 @@ int semanage_split_fc(semanage_handle_t * sh)
+ goto cleanup;
+ }
+
+- fc = open(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
++ fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ if (fc < 0) {
+ ERR(sh, "Could not open %s for writing.",
+- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC));
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
+ goto cleanup;
+ }
+ hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
+@@ -1454,8 +1456,7 @@ int semanage_split_fc(semanage_handle_t * sh)
+ } else {
+ if (write(fc, buf, strlen(buf)) < 0) {
+ ERR(sh, "Write to %s failed.",
+- semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_FC));
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
+ goto cleanup;
+ }
+ }
+@@ -2914,39 +2915,3 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+
+ return 0;
+ }
+-
+-int semanage_copy_policydb(semanage_handle_t *sh)
+-{
+- const char *src = NULL;
+- const char *dst = NULL;
+- int rc = -1;
+-
+- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
+- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+-
+- rc = semanage_copy_file(src, dst, sh->conf->file_mode);
+- if (rc != 0) {
+- goto cleanup;
+- }
+-
+-cleanup:
+- return rc;
+-}
+-
+-int semanage_copy_fc_local(semanage_handle_t *sh)
+-{
+- const char *src = NULL;
+- const char *dst = NULL;
+- int rc = -1;
+-
+- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
+- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
+-
+- rc = semanage_copy_file(src, dst, sh->conf->file_mode);
+- if (rc != 0) {
+- goto cleanup;
+- }
+-
+-cleanup:
+- return rc;
+-}
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index ade43f261ee0..acb6e3fd26f8 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -57,6 +57,8 @@ enum semanage_sandbox_defs {
+ SEMANAGE_MODULES_DISABLED,
+ SEMANAGE_STORE_KERNEL,
+ SEMANAGE_STORE_FC_LOCAL,
++ SEMANAGE_STORE_FC,
++ SEMANAGE_STORE_SEUSERS,
+ SEMANAGE_STORE_NUM_PATHS
+ };
+
+@@ -150,7 +152,6 @@ int semanage_nc_sort(semanage_handle_t * sh,
+ size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len);
+
+-int semanage_copy_policydb(semanage_handle_t *sh);
+-int semanage_copy_fc_local(semanage_handle_t *sh);
++int semanage_copy_file(const char *src, const char *dst, mode_t mode);
+
+ #endif
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index b170edad3927..644300277b62 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -244,7 +244,8 @@ if __name__ == "__main__":
+ "users_extra.local",
+ "disable_dontaudit",
+ "preserve_tunables",
+- "policy.kern" ]
++ "policy.kern",
++ "file_contexts"]
+
+
+ create_dir(newroot_path(), 0o755)
+--
+2.5.1
+
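Review bot: Dropping `static` from `semanage_copy_file` and declaring it in `semanage_store.h` gives a file-overwriting helper external linkage, so it is worth confirming that the library's symbol map or visibility settings (not shown here) keep it out of the exported ABI. In `semanage_direct_commit`, each new copy stanza computes `path = semanage_path(SEMANAGE_TMP, ...)` for the `access()` test and then calls `semanage_path()` again with the same arguments. Passing `path` as the source, e.g. `retval = semanage_copy_file(path, semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC), sh->conf->file_mode);`, removes the duplication and makes it plain that the tested file is the one copied. The four stanzas differ only in their two path constants and could share one small loop over a table of source/destination pairs.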
diff --git a/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch b/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
new file mode 100644
index 000000000000..490630642ab9
--- /dev/null
+++ b/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
@@ -0,0 +1,54 @@
+From 95ea431f76b07b3e6c804b16cae8be38d2047d5a Mon Sep 17 00:00:00 2001
+From: Steve Lawrence <slawrence@tresys.com>
+Date: Thu, 3 Sep 2015 09:28:08 -0400
+Subject: [PATCH 4/5] libsemanage: save homedir_template in the policy store
+ for genhomedircon
+
+We don't currently store homedir_template in the policy store, which
+means genhomedircon only has a template file to use if the
+homedir_template was generated from the file contexts in the same
+transaction. But homedir_template isn't always generated, as in the
+case with setsebool -P. In this and other cases, genhomedircon will not
+have a template file resulting in an empty file_contexts.homedir file.
+
+This commit changes this so that homedir_template is always stored in
+the policy store so it can be used by genhomedircon regardless of how
+policy was built. Also add the homedir_template file to the migration
+script.
+
+Signed-off by: Steve Lawrence <slawrence@tresys.com>
+Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/direct_api.c | 1 -
+ libsemanage/utils/semanage_migrate_store | 3 ++-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index fa4e0eed0603..d77a3e2dff12 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1303,7 +1303,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+
+ /* remove files that are automatically generated and no longer needed */
+ unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
+ unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
+
+ if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 644300277b62..915471501174 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -245,7 +245,8 @@ if __name__ == "__main__":
+ "disable_dontaudit",
+ "preserve_tunables",
+ "policy.kern",
+- "file_contexts"]
++ "file_contexts",
++ "homedir_template"]
+
+
+ create_dir(newroot_path(), 0o755)
+--
+2.5.1
+
diff --git a/0005-libsemanage-store-users_extra-in-the-policy-store.patch b/0005-libsemanage-store-users_extra-in-the-policy-store.patch
new file mode 100644
index 000000000000..e67c33943896
--- /dev/null
+++ b/0005-libsemanage-store-users_extra-in-the-policy-store.patch
@@ -0,0 +1,57 @@
+From cee54248903f4560529eef7ca7051527dab51fd1 Mon Sep 17 00:00:00 2001
+From: Steve Lawrence <slawrence@tresys.com>
+Date: Thu, 3 Sep 2015 13:07:36 -0400
+Subject: [PATCH 5/5] libsemanage: store users_extra in the policy store
+
+users_extra is needed by genhomedircon and when listing seusers, so it
+must be kept in the policy store. Also move the FC_TMPL unlink() closer
+to where the FC_TMPL is created; not a functional change, but eaiser to
+follow.
+
+Signed-off-by: Steve Lawrence <slawrence@tresys.com>
+Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/direct_api.c | 7 +++----
+ libsemanage/utils/semanage_migrate_store | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index d77a3e2dff12..0c6ed1f5703d 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1160,6 +1160,9 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ if (retval < 0)
+ goto cleanup;
+
++ /* remove FC_TMPL now that it is now longer needed */
++ unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
++
+ pfcontexts->dtable->drop_cache(pfcontexts->dbase);
+
+ /* SEUsers */
+@@ -1301,10 +1304,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ sepol_policydb_free(out);
+ out = NULL;
+
+- /* remove files that are automatically generated and no longer needed */
+- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
+-
+ if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
+ retval = semanage_install_sandbox(sh);
+ }
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 915471501174..dc02c27389f6 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -241,6 +241,7 @@ if __name__ == "__main__":
+ "file_contexts.local",
+ "seusers",
+ "users.local",
++ "users_extra",
+ "users_extra.local",
+ "disable_dontaudit",
+ "preserve_tunables",
+--
+2.5.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 72fa0a4e6554..a81d5de50608 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,13 +5,13 @@
pkgname=libsemanage
pkgver=2.4
-pkgrel=1
+pkgrel=2
pkgdesc="SELinux binary policy manipulation library"
arch=('i686' 'x86_64')
url='http://userspace.selinuxproject.org'
license=('GPL')
groups=('selinux')
-makedepends=('flex')
+makedepends=('flex' 'python2' 'python' 'swig')
depends=('ustr' 'libselinux>=2.4' 'audit')
optdepends=('python2: python2 bindings'
'python: python bindings')
@@ -20,9 +20,32 @@ install=libsemanage.install
conflicts=("selinux-usr-${pkgname}")
provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}")
source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${pkgname}-${pkgver}.tar.gz"
- "semanage.conf")
+ "semanage.conf"
+ '0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch'
+ '0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch'
+ '0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch'
+ '0004-libsemanage-save-homedir_template-in-the-policy-stor.patch'
+ '0005-libsemanage-store-users_extra-in-the-policy-store.patch'
+ )
sha256sums=('1a4cace4ef16786531ec075c0e7b2f961e2fee5dc86c5f983a689058899a6484'
- '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0')
+ '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0'
+ '61a768144b740104fb2c17b6c15f10a207c0fa42d5faa611237f1df6b0a9c835'
+ '3ac9a961efde8cbc091688ca3e42058baf37919b572abd96d0a8f8167f4f283c'
+ '0324cfc186b09b748c74a64c74f9990dc7ee5497b8d450d4146f8fc73d6a710c'
+ 'bb83007a0cee3e2f3193c4935b2956e9c1894d08146c36a72505248e22c158cf'
+ '3497602b0b5095c08711fd922160b9bdefdb74dff39910b2cddf8480795580bb')
+
+prepare() {
+ cd "${pkgname}-${pkgver}"
+
+ # Apply upstream patches backported by Gentoo developers
+ # Gentoo package: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libsemanage/
+ patch -Np2 -i ../0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
+ patch -Np2 -i ../0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
+ patch -Np2 -i ../0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
+ patch -Np2 -i ../0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
+ patch -Np2 -i ../0005-libsemanage-store-users_extra-in-the-policy-store.patch
+}
build() {
cd "${pkgname}-${pkgver}"
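Review bot: Nothing in `prepare()` says that the five `patch -Np2` calls must run in this order, yet the patches are stacked: 0004 removes the `"file_contexts"]` line that 0003 adds to `semanage_migrate_store`, and the `direct_api.c` index line of 0005 starts from the blob that 0004 produces (`d77a3e2dff12`). I would add `# Order matters: each patch applies on top of the previous one` above the calls, so that a later edit does not reorder or drop one of them in isolation. As a style point, `patch -Np2 -i "${srcdir}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"` keeps the path independent of the preceding `cd`, unlike `../`. The trailing context of this hunk is the start of `build()`, whose body continues outside the hunk.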