[sabayon] Added selinux support (if available) closes bug #486218

[Scott Balneaves <sbalneav src gnome org>]

commit 6230e06b178f89b7ead5ad9f925ea04360cfc24c
Author: Scott Balneaves <sbalneav ltsp org>
Date:   Thu Dec 31 10:58:43 2009 -0600

    Added selinux support (if available) closes bug #486218

 admin-tool/profilesdialog.py |   17 +++++++++++++++++
 configure.ac                 |   16 +++++++++++++++-
 lib/systemdb.py              |   17 +++++++++++++++++
 3 files changed, 49 insertions(+), 1 deletions(-)
---
diff --git a/admin-tool/profilesdialog.py b/admin-tool/profilesdialog.py
index db56231..517e972 100755
--- a/admin-tool/profilesdialog.py
+++ b/admin-tool/profilesdialog.py
@@ -35,6 +35,16 @@ import debuglog
 import errors
 from config import *
 
+#
+# Try to import selinux
+#
+
+try:
+    import selinux
+    has_selinux = True;
+except ImportError:
+    has_selinux = False;
+
 def dprint (fmt, *args):
     debuglog.debug_log (False, debuglog.DEBUG_LOG_DOMAIN_ADMIN_TOOL, fmt % args)
 
@@ -108,8 +118,15 @@ class Session (gobject.GObject):
         return user_path
 
     def __copy_from_user (self, user_path, profile_path):
+        global has_selinux
         os.chown (user_path, os.geteuid (), os.getegid ())
         shutil.move (user_path, profile_path)
+        if has_selinux:
+            if selinux.is_selinux_enabled() > 0:
+                rc, con = selinux.matchpathcon(profile_path, 0)
+                if rc == 0:
+                    selinux.setfilecon(profile_path, con)
+
         dprint ("Moved %s back from %s", user_path, profile_path)
 
     @errors.checked_callback (debuglog.DEBUG_LOG_DOMAIN_ADMIN_TOOL)
diff --git a/configure.ac b/configure.ac
index 93c7779..31daa6c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([sabayon], [2.29.5-rc1],
+AC_INIT([sabayon], [2.29.5-rc2],
         [http://bugzilla.gnome.org/enter_bug.cgi?product=sabayon])
 AC_CONFIG_SRCDIR(lib/userprofile.py)
 
@@ -64,6 +64,20 @@ else
     AC_MSG_RESULT(yes)
 fi
 
+#
+# Do a soft check for Python bindings for selinux.  They're not strictly
+# necessary, but are used by Fedora, and some other distros, so we'll
+# issue a status message.
+#
+
+AC_MSG_CHECKING(whether the selinux module for Python is available)
+if [ ! python -c "import selinux" 2> /dev/null ]
+then
+    AC_MSG_RESULT(no)
+else
+    AC_MSG_RESULT(yes)
+fi
+
 # Check for GDK/X11, PyGObject, and pygtk
 PKG_CHECK_MODULES(XLIB_MODULE, gdk-x11-2.0 pygobject-2.0 pygtk-2.0)
 
diff --git a/lib/systemdb.py b/lib/systemdb.py
index 2149aa3..545f003 100644
--- a/lib/systemdb.py
+++ b/lib/systemdb.py
@@ -40,6 +40,16 @@ except ImportError:
     has_ldap = False;
 
 #
+# selinux should be a soft dependency.
+#
+
+try:
+    import selinux
+    has_selinux = True;
+except ImportError:
+    has_selinux = False;
+
+#
 # Default empty config.
 #
 defaultConf="""<profiles>
@@ -333,6 +343,7 @@ class SystemDatabase(object):
         return self.__profile_name_to_location (profile, user)
 
     def __save_as(self, filename = None):
+        global has_selinux
         """Save the current version to the given filename"""
         if filename == None:
             filename = self.file
@@ -371,6 +382,12 @@ class SystemDatabase(object):
             raise SystemDatabaseException(
                 _("Failed to save UserDatabase to %s") % filename)
 
+        if has_selinux:
+            if selinux.is_selinux_enabled() > 0:
+                rc, con = selinux.matchpathcon(filename, 0)
+                if rc == 0:
+                    selinux.setfilecon(filename, con)
+
         self.modified = 0
 
     def set_default_profile (self, profile):