Additional fixes for disabled SELinux Box

- system-config-selinux no longer relies on lokkit for /etc/selinux/config

policycoreutils-rhat.patch

@@ -7647,6 +7647,35 @@ index 0000000..2f0c1cc
 @@ -0,0 +1,2 @@
 +#!/bin/sh
 +sepolicy generate $*
+diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py
+index e561de1..2069635 100644
+--- a/policycoreutils/gui/statusPage.py
++++ b/policycoreutils/gui/statusPage.py
+@@ -158,8 +158,22 @@ class statusPage:
+         self.enabled = enabled
+ 
+     def write_selinux_config(self, enforcing, type):
+-        import commands
+-        commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing))
++        path = selinux.selinux_path() + "config" 
++        backup_path = path + ".bck"
++        fd = open(path)
++        lines = fd.readlines()
++        fd.close()
++        fd = open(backup_path, "w")
++        for l in lines:
++            if l.startswith("SELINUX="):
++                fd.write("SELINUX=%s\n" % enforcing)
++                continue
++            if l.startswith("SELINUXTYPE="):
++                fd.write("SELINUXTYPE=%s\n" % type)
++                continue
++            fd.write(l)
++        fd.close()
++        os.rename(backup_path, path)
+ 
+     def read_selinux_config(self):
+         self.initialtype = selinux.selinux_getpolicytype()[1]
 diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
 index 85e8b7f..bc3027e 100644
 --- a/policycoreutils/gui/system-config-selinux.py
@@ -333541,17 +333570,17 @@ index 0000000..57018a6
 +        sys.exit(0)        
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..212c3aa
+index 0000000..fd0848e
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,155 @@
+@@ -0,0 +1,154 @@
 +#!/usr/bin/python
 +
 +# Author: Thomas Liu <tliu@redhat.com>
 +# Author: Dan Walsh <dwalsh@redhat.com>
 +
 +import _policy
-+import selinux
++import selinux, glob
 +PROGNAME="policycoreutils"
 +import gettext
 +gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -333585,13 +333614,13 @@ index 0000000..212c3aa
 +ROLE_ALLOW = 'role_allow'
 +
 +def __get_installed_policy():
-+    i = selinux.security_policyvers()
-+    path = selinux.selinux_binary_policy_path()
-+    while i > 0:
-+        newpath = "%s.%s" % (path, i)
-+        if os.path.exists(newpath):
-+            return newpath
-+        i -= 1
++    try:
++        path = selinux.selinux_binary_policy_path()
++        policies = glob.glob ("%s.*" % path )
++        policies.sort()
++        return policies[-1]
++    except:
++        pass
 +    raise ValueError(_("No SELinux Policy installed"))
 +        
 +def policy(policy_file):
@@ -333601,9 +333630,8 @@ index 0000000..212c3aa
 +        raise ValueError(_("Failed to read % policy file") % policy_file)
 +
 +
-+if selinux.is_selinux_enabled():
-+    policy_file = selinux.selinux_current_policy_path()
-+else:
++policy_file = selinux.selinux_current_policy_path()
++if not policy_file:
 +    policy_file = __get_installed_policy()
 +
 +policy(policy_file)

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
+- Additional fixes for disabled SELinux Box
+- system-config-selinux no longer relies on lokkit for /etc/selinux/config
+
 * Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
 - sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.