From 4884aae2d18586d3e0fcd360ed10e1c22669d6b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Kl=C3=AD=C4=8D?= <kklic@fedoraproject.org>
Date: Wed, 19 May 2010 14:50:59 +0000
Subject: [PATCH] Fixed #593278

---
 nis.sh      | 15 ++++++++++++---
 ypbind.spec |  6 +++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/nis.sh b/nis.sh
index 5a9f0bf..7e3ecb3 100755
--- a/nis.sh
+++ b/nis.sh
@@ -38,7 +38,11 @@ save_config_file() {
     fi
 
     if [ -e ${origfile} ]; then
-        mv ${origfile} ${savefile}
+        # cp+rm instead of mv: preserve SELinux context
+        # rhbz#509240
+        # Do not rely on restorecon.
+        cp -c ${origfile} ${savefile}
+        rm ${origfile}
     else
         echo > ${savefile}
     fi
@@ -53,6 +57,7 @@ nis_config() {
             save_config_file ${CONF}
             let contents=0
             echo '# generated by /sbin/dhclient-script' > ${CONF}
+            fixContext ${CONF}
 
             if [ -n "${new_nis_servers}" ]; then
                 for i in ${new_nis_servers} ; do
@@ -73,6 +78,7 @@ nis_config() {
         elif [ -n "${new_nis_servers}" ]; then
             save_config_file ${CONF}
             echo '# generated by /sbin/dhclient-script' > ${CONF}
+            fixContext ${CONF}
             let contents=0
 
             for i in ${new_nis_servers} ; do
@@ -94,8 +100,11 @@ nis_restore() {
     if [ ! "${PEERNIS}" = "no" ]; then
         if [ -f ${SAVEDIR}/${CONF}.predhclient.${interface} ]; then
             rm -f ${CONF}
-            mv -f ${SAVEDIR}/${CONF}.predhclient.${interface} ${CONF}
-            fixContext /etc/yp.conf
+            # cp+rm instead of mv: preserve SELinux context
+            # rhbz#509240
+            cp -c ${SAVEDIR}/${CONF}.predhclient.${interface} ${CONF}
+            rm ${SAVEDIR}/${CONF}.predhclient.${interface}
+            fixContext ${CONF}
             if [ -x /etc/rc.d/init.d/ypbind ] && [ -r /var/run/ypbind.pid ]; then
                 service ypbind restart >/dev/null 2>&1
             fi
diff --git a/ypbind.spec b/ypbind.spec
index f2c57ce..985105c 100644
--- a/ypbind.spec
+++ b/ypbind.spec
@@ -1,7 +1,7 @@
 Summary: The NIS daemon which binds NIS clients to an NIS domain
 Name: ypbind
 Version: 1.31
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source0: ftp://ftp.us.kernel.org/pub/linux/utils/net/NIS/ypbind-mt-%{version}.tar.bz2
@@ -85,6 +85,10 @@ fi
 %doc README NEWS
 
 %changelog
+* Wed May 19 2010 Karel Klic <kklic@redhat.com> - 3:1.31-3
+- Update SELinux context of /etc/yp.conf in nis.sh (rhbz#593278)
+- Use cp+rm instead of mv in nis.sh (#509240)
+
 * Thu Jan 21 2010 Karel Klic <kklic@redhat.com> - 3:1.31-2
 - Rewrote initscript to become closer to Packaging:SysVInitScript
   Fedora guildeline. Also fixes rhbz#523913