diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.49/Makefile
--- nsapolicycoreutils/Makefile 2008-05-22 14:01:49.000000000 -0400
+++ policycoreutils-2.0.49/Makefile 2008-05-16 11:27:02.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.49/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-05-22 14:01:42.000000000 -0400
+++ policycoreutils-2.0.49/restorecond/restorecond.c 2008-05-16 11:27:02.000000000 -0400
@@ -210,9 +210,10 @@
 }
 if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
 if (retcontext >= 0)
 free(prev_context);
 free(scontext);
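Review bot: Dropping the syslog entirely when errno is EOPNOTSUPP also hides the case where a path listed in restorecond.conf sits on a filesystem that cannot carry labels, which an operator then cannot diagnose from the log; the same applies to the fgetfilecon branch in hunk @@ -225. Consider keeping the message at a lower priority instead, `syslog(errno == EOPNOTSUPP ? LOG_DEBUG : LOG_ERR, "set context %s->%s failed:'%s'\n", filename, scontext, strerror(errno));`, or at least a comment such as `/* EOPNOTSUPP: filesystem has no xattr/label support, nothing to reset */` so the silent skip reads as intended. The enclosing function starts and ends outside the hunk, so whether the caller still bails out after the skipped message cannot be confirmed here.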
@@ -225,8 +226,9 @@
 if (retcontext >= 0)
 free(prev_context);
 } else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
 }
 free(scontext);
 close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.49/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2008-05-22 14:01:42.000000000 -0400
+++ policycoreutils-2.0.49/restorecond/restorecond.init 2008-05-16 11:27:02.000000000 -0400
@@ -2,7 +2,7 @@
 #
 # restorecond: Daemon used to maintain path file context
 #
-# chkconfig: 2345 12 87
+# chkconfig: - 12 87
 # description: restorecond uses inotify to look for creation of new files \
 # listed in the /etc/selinux/restorecond.conf file, and restores the \
 # correct security context.
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.49/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2008-05-22 14:01:41.000000000 -0400
+++ policycoreutils-2.0.49/scripts/fixfiles 2008-05-22 13:56:53.000000000 -0400
@@ -138,6 +138,9 @@
 fi
 LogReadOnly
 ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
 exit $?
 }
@@ -180,6 +183,10 @@
 check) restore -n -v;;
 verify) restore -n -o -;;
 relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
 *)
 usage
 exit 1
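Review bot: The three added commands run between `${SETFILES} ...` and `exit $?`, so the function now exits with the status of the last `find` rather than of setfiles, and a failed relabel is reported as success; save the status first with `rc=$?` and finish with `exit $rc`. They also run unconditionally: if this is the function that `check` and `verify` invoke with `-n` (hunk @@ -180 shows `restore -n -v` and `restore -n -o -`), a dry run would still delete `/tmp/gconfd-*` and friends and relabel /tmp, so the cleanup should be skipped when no-change mode was requested — the flag handling is outside the hunk, so the exact guard cannot be given here. `chcon` dereferences symbolic links by default, so a symlink under /tmp or /var/tmp carrying a file_t label would have its target relabeled instead of the link; `chcon -h` keeps the change on the link itself. The enclosing function begins outside the hunk.
```shell
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
rc=$?
# TODO(review): skip the cleanup below when the caller passed -n (no-change mode)
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
find /tmp -context "*:file_t*" -exec chcon -h -t tmp_t {} \;
find /var/tmp -context "*:file_t*" -exec chcon -h -t tmp_t {} \;
exit $rc
```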
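Review bot: The new `onboot` case prints "System will relabel on next boot" whether or not `touch /.autorelabel` succeeded (a read-only or full root filesystem, for instance), so the operator sees a success message with no relabel actually scheduled; make the message conditional, `touch /.autorelabel && echo "System will relabel on next boot"`, so a failed touch leaves the non-zero status visible instead. The matching usage line is added in hunk @@ -189.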
@@ -189,6 +196,7 @@
 echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
 echo or
 echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
 }
 if [ $# = 0 ]; then
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.49/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2008-05-22 14:01:41.000000000 -0400
+++ policycoreutils-2.0.49/scripts/fixfiles.8 2008-05-16 11:27:02.000000000 -0400
@@ -7,6 +7,8 @@
 .B fixfiles
 [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+.B fixfiles onboot
+
 .SH "DESCRIPTION"
 This manual page describes the
 .BR fixfiles
@@ -20,6 +22,9 @@
 as you expect. By default it will relabel all mounted ext2, ext3, xfs and jfs file systems as long as they do not have a security context mount option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
 .SH "OPTIONS"
 .TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.49/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-05-22 14:01:41.000000000 -0400
+++ policycoreutils-2.0.49/semanage/semanage 2008-06-11 16:13:26.349017000 -0400
@@ -52,6 +52,7 @@
 semanage fcontext -{a|d|m} [-frst] file_spec\n\
 semanage translation -{a|d|m} [-T] level\n\n\
 semanage boolean -{d|m} boolean\n\n\
+semanage permissive -{d|a} type\n\n\
 \
 Primary Options:\n\
 \
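Review bot: The new usage line `semanage permissive -{d|a} type` lists the flags in the opposite order from every neighbouring line (`-{a|d|m}`), and it does not mention `-l`, which the option table for this object accepts in hunk @@ -112; unless `-l` is covered by the generic options further down the string, `semanage permissive -{a|d|l} type` would be both consistent and complete. The usage string begins before this hunk.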
@@ -112,6 +113,8 @@
 valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
 valid_option["boolean"] = []
 valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
+ valid_option["permissive"] = []
+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', ]
 return valid_option
 #
@@ -266,6 +269,9 @@
 if object == "translation":
 OBJECT = seobject.setransRecords()
+ if object == "permissive":
+ OBJECT = seobject.permissiveRecords(store)
+
 if list:
 OBJECT.list(heading, locallist)
 sys.exit(0);
@@ -302,6 +308,9 @@
 if object == "fcontext":
 OBJECT.add(target, setype, ftype, serange, seuser)
+ if object == "permissive":
+ OBJECT.add(target)
+
 sys.exit(0);
 if modify:
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.49/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-05-22 14:01:41.000000000 -0400
+++ policycoreutils-2.0.49/semanage/semanage.8 2008-06-11 16:18:48.296894000 -0400
@@ -17,6 +17,8 @@
 .br
 .B semanage fcontext \-{a|d|m} [\-frst] file_spec
 .br
+.B semanage permissive \-{a|d} type
+.br
 .B semanage translation \-{a|d|m} [\-T] level
 .P
@@ -101,10 +103,11 @@
 $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
 # Allow Apache to listen on port 81
 $ semanage port -a -t http_port_t -p tcp 81
+# Change apache to a permissive domain
+$ semanage permissive -a http_t
 .fi
 .SH "AUTHOR"
 This man page was written by Daniel Walsh and Russell Coker .
 Examples by Thomas Bleher .
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.49/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-05-22 14:01:41.000000000 -0400
+++ policycoreutils-2.0.49/semanage/seobject.py 2008-06-11 16:13:41.213393000 -0400
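Review bot: `valid_option["permissive"]` is built from a literal list only, whereas the translation and boolean entries just above it start from `valid_everyone`; if the omission is deliberate (for example because `permissiveRecords` takes `store` but never uses it), a one-line comment saying so would stop the next reader from "fixing" it, otherwise `valid_option["permissive"] += valid_everyone + [ '-a', '--add', '-d', '--delete' ]` keeps the table consistent. The contents of `valid_everyone` are defined outside the hunk, so which flags are currently missing cannot be confirmed here.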
@@ -1,5 +1,5 @@
 #! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007 Red Hat
+# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # semanage is a tool for managing SELinux configuration files
@@ -24,7 +24,9 @@
 import pwd, string, selinux, tempfile, os, re, sys
 from semanage import *;
 PROGNAME="policycoreutils"
+import sepolgen.module as module
+import commands
 import gettext
 gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
 gettext.textdomain(PROGNAME)
@@ -246,7 +248,61 @@
 os.close(fd)
 os.rename(newfilename, self.filename)
 os.system("/sbin/service mcstrans reload > /dev/null")
-
+
+class permissiveRecords:
+ def __init__(self, store):
+ self.store = store
+
+ def get_all(self):
+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
+ l = []
+ for i in out.split():
+ if i.startswith("permissive_"):
+ l.append(i.split("permissive_")[1])
+ return l
+
+ def list(self,heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s\n" % (_("Permissive Types"))
+ for t in self.get_all():
+ print t
+
+
+ def add(self, type):
+ name = "permissive_%s" % type
+ dirname = "/var/run/sepermissive"
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
+ os.chdir(dirname)
+ filename = "%s.te" % name
+ modtxt = """
+module %s 1.0;
+
+require {
+ type %s;
+}
+
+permissive %s;
+""" % (name, type, type)
+ fd = open(filename,'w')
+ fd.write(modtxt)
+ fd.close()
+ mc = module.ModuleCompiler()
+ mc.create_module_package(filename, 1)
+ rc, out = commands.getstatusoutput("semodule -i permissive_%s.pp" % type);
+ import glob
+ for i in glob.glob("permissive_%s.*" % type):
+ os.remove(i)
+
+ if rc != 0:
+ raise ValueError(out)
+
+
+ def delete(self, name):
+ rc, out = commands.getstatusoutput("semodule -r permissive_%s" % name );
+ if rc != 0:
+ raise(out);
+
 class semanageRecords:
 def __init__(self, store):
 self.sh = semanage_handle_create()
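Review bot: `import sepolgen.module as module` at module level makes every consumer of seobject fail to import when sepolgen is not installed, even though only `permissiveRecords.add` uses it; moving the import into that method (the class already does `import glob` locally) keeps the rest of semanage usable and confines the new dependency to the permissive feature. `import commands` can stay where it is since `get_all` and `delete` use it too.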
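Review bot: `delete` raises a plain string, `raise(out)`, which is deprecated or rejected outright depending on the Python 2 release, so a failed `semodule -r` surfaces as an interpreter error rather than the intended message; use `raise ValueError(out)` as `add` does. Both `add` and `delete` also interpolate the user-supplied type name unchecked into the generated module source and into a `commands.getstatusoutput` command line, which goes through a shell, in a tool normally run as root; reject anything that is not a plain policy identifier up front, using the `re` the file already imports. `add` additionally leaves the process working directory changed by `os.chdir(dirname)` for the rest of the run; if `ModuleCompiler` needs the cwd, restore it in a `finally`, otherwise build absolute paths with `os.path.join(dirname, ...)`. The rewritten lines are below; `class semanageRecords` and the rest of the file continue outside the hunk.
```python
	def add(self, type):
		# the name is interpolated into module source and a shell command
		# line below, so accept only a plain policy identifier
		if not re.match(r'^[A-Za-z0-9_]+$', type):
			raise ValueError(_("Invalid type name %s") % type)
		name = "permissive_%s" % type
		dirname = "/var/run/sepermissive"
		if not os.path.exists(dirname):
			os.mkdir(dirname)
		cwd = os.getcwd()
		os.chdir(dirname)
		try:
			# … unchanged: write %s.te, compile it, semodule -i, remove the build files …
			if rc != 0:
				raise ValueError(out)
		finally:
			os.chdir(cwd)

	def delete(self, name):
		if not re.match(r'^[A-Za-z0-9_]+$', name):
			raise ValueError(_("Invalid type name %s") % name)
		rc, out = commands.getstatusoutput("semodule -r permissive_%s" % name );
		if rc != 0:
			raise ValueError(out)
```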
@@ -464,7 +520,7 @@
 def __init__(self, store = ""):
 semanageRecords.__init__(self, store)
- def add(self, name, roles, selevel, serange, prefix):
+ def add(self, name, roles, selevel, serange, prefix = "user"):
 if is_mls_enabled == 1:
 if serange == "":
 serange = "s0"