diff -up libselinux-2.0.96/man/man3/security_setenforce.3.rhat libselinux-2.0.96/man/man3/security_setenforce.3

--- libselinux-2.0.96/man/man3/security_setenforce.3.rhat	2010-09-22 17:14:11.000000000 -0400

+++ libselinux-2.0.96/man/man3/security_setenforce.3	2010-09-22 17:11:58.000000000 -0400

@@ -1 +1 @@

-.so security_getenforce.3

+.so man3/security_getenforce.3

diff -up libselinux-2.0.96/man/man8/selinuxconlist.8.rhat libselinux-2.0.96/man/man8/selinuxconlist.8

--- libselinux-2.0.96/man/man8/selinuxconlist.8.rhat	2010-08-04 15:21:39.000000000 -0400

+++ libselinux-2.0.96/man/man8/selinuxconlist.8	2010-08-04 15:21:39.000000000 -0400

@@ -0,0 +1,18 @@

+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"

+.SH "NAME"

+selinuxconlist \- list all SELinux context reachable for user

+.SH "SYNOPSIS"

+.B selinuxconlist [-l level] user [context]

+

+.SH "DESCRIPTION"

+.B selinuxconlist

+reports the list of context reachable for user from the current context or specified context

+

+.B \-l level

+mcs/mls level

+

+.SH AUTHOR	

+This manual page was written by Dan Walsh <dwalsh@redhat.com>.

+

+.SH "SEE ALSO"

+secon(8), selinuxdefcon(8)

diff -up libselinux-2.0.96/man/man8/selinuxdefcon.8.rhat libselinux-2.0.96/man/man8/selinuxdefcon.8

--- libselinux-2.0.96/man/man8/selinuxdefcon.8.rhat	2010-08-04 15:21:39.000000000 -0400

+++ libselinux-2.0.96/man/man8/selinuxdefcon.8	2010-08-04 15:21:39.000000000 -0400

@@ -0,0 +1,24 @@

+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"

+.SH "NAME"

+selinuxdefcon \- report default SELinux context for user 

+

+.SH "SYNOPSIS"

+.B selinuxdefcon [-l level] user fromcon

+

+.SH "DESCRIPTION"

+.B selinuxdefcon

+reports the default context for the specified user from the specified context

+

+.B \-l level

+mcs/mls level

+

+.SH EXAMPLE

+# selinuxdefcon jsmith system_u:system_r:sshd_t:s0

+.br

+unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

+

+.SH AUTHOR	

+This manual page was written by Dan Walsh <dwalsh@redhat.com>.

+

+.SH "SEE ALSO"

+secon(8), selinuxconlist(8)

diff -up libselinux-2.0.96/src/audit2why.c.rhat libselinux-2.0.96/src/audit2why.c

--- libselinux-2.0.96/src/audit2why.c.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/audit2why.c	2010-08-04 15:21:39.000000000 -0400

@@ -1,3 +1,6 @@

+/* Workaround for http://bugs.python.org/issue4835 */

+#define SIZEOF_SOCKET_T SIZEOF_INT

+

 #include <Python.h>

 #include <unistd.h>

 #include <stdlib.h>

@@ -255,6 +258,8 @@ static int __policy_init(const char *ini

 	fclose(fp);

 	sepol_set_policydb(&avc->policydb->p);

 	avc->handle = sepol_handle_create();

+	/* Turn off messages */

+	sepol_msg_set_callback(avc->handle, NULL, NULL);

 	rc = sepol_bool_count(avc->handle,

 			      avc->policydb, &cnt);

@@ -287,8 +292,10 @@ static int __policy_init(const char *ini

 static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {

   int result;

   char *init_path=NULL;

-  if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) 

-	  result = __policy_init(init_path);

+  if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) {

+    return NULL;

+  }

+  result = __policy_init(init_path);

   return Py_BuildValue("i", result);

 }

@@ -353,7 +360,11 @@ static PyObject *analyze(PyObject *self 

 		strObj = PyList_GetItem(listObj, i); /* Can't fail */

 		/* make it a string */

+#if PY_MAJOR_VERSION >= 3

+		permstr = _PyUnicode_AsString( strObj );

+#else

 		permstr = PyString_AsString( strObj );

+#endif

 		perm = string_to_av_perm(tclass, permstr);

 		if (!perm) {

@@ -423,10 +434,39 @@ static PyMethodDef audit2whyMethods[] = 

     {NULL, NULL, 0, NULL}        /* Sentinel */

 };

+#if PY_MAJOR_VERSION >= 3

+/* Module-initialization logic specific to Python 3 */

+struct module_state {

+	/* empty for now */

+};

+static struct PyModuleDef moduledef = {

+	PyModuleDef_HEAD_INIT,

+	"audit2why",

+	NULL,

+	sizeof(struct module_state),

+	audit2whyMethods,

+	NULL,

+	NULL,

+	NULL,

+	NULL

+};

+

+PyMODINIT_FUNC

+PyInit_audit2why(void)

+#else

 PyMODINIT_FUNC

 initaudit2why(void)

+#endif

 {

-	PyObject *m = Py_InitModule("audit2why", audit2whyMethods);

+	PyObject *m;

+#if PY_MAJOR_VERSION >= 3

+	m = PyModule_Create(&moduledef);

+	if (m == NULL) {

+		return NULL;

+	}

+#else

+	m  = Py_InitModule("audit2why", audit2whyMethods);

+#endif

 	PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);

 	PyModule_AddIntConstant(m,"BADSCON", BADSCON);

 	PyModule_AddIntConstant(m,"BADTCON", BADTCON);

@@ -440,4 +480,8 @@ initaudit2why(void)

 	PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);

 	PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);

 	PyModule_AddIntConstant(m,"RBAC", RBAC);

+

+#if PY_MAJOR_VERSION >= 3

+	return m;

+#endif

 }

diff -up libselinux-2.0.96/src/callbacks.c.rhat libselinux-2.0.96/src/callbacks.c

--- libselinux-2.0.96/src/callbacks.c.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/callbacks.c	2010-08-04 15:21:39.000000000 -0400

@@ -16,6 +16,7 @@ default_selinux_log(int type __attribute

 {

 	int rc;

 	va_list ap;

+	if (is_selinux_enabled() == 0) return 0;

 	va_start(ap, fmt);

 	rc = vfprintf(stderr, fmt, ap);

 	va_end(ap);

diff -up libselinux-2.0.96/src/get_context_list.c.rhat libselinux-2.0.96/src/get_context_list.c

--- libselinux-2.0.96/src/get_context_list.c.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/get_context_list.c	2010-08-04 15:21:39.000000000 -0400

@@ -286,7 +286,6 @@ static int get_failsafe_context(const ch

 	if (buf[plen - 1] == '\n')

 		buf[plen - 1] = 0;

-      retry:

 	nlen = strlen(user) + 1 + plen + 1;

 	*newcon = malloc(nlen);

 	if (!(*newcon))

@@ -306,10 +305,6 @@ static int get_failsafe_context(const ch

 	if (security_check_context(*newcon) && errno != ENOENT) {

 		free(*newcon);

 		*newcon = 0;

-		if (strcmp(user, SELINUX_DEFAULTUSER)) {

-			user = SELINUX_DEFAULTUSER;

-			goto retry;

-		}

 		return -1;

 	}

@@ -418,13 +413,8 @@ int get_ordered_context_list(const char 

 	/* Determine the set of reachable contexts for the user. */

 	rc = security_compute_user(fromcon, user, &reachable);

-	if (rc < 0) {

-		/* Retry with the default SELinux user identity. */

-		user = SELINUX_DEFAULTUSER;

-		rc = security_compute_user(fromcon, user, &reachable);

-		if (rc < 0)

-			goto failsafe;

-	}

+	if (rc < 0)

+		goto failsafe;

 	nreach = 0;

 	for (ptr = reachable; *ptr; ptr++)

 		nreach++;

diff -up libselinux-2.0.96/src/Makefile.rhat libselinux-2.0.96/src/Makefile

--- libselinux-2.0.96/src/Makefile.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/Makefile	2010-08-04 15:21:39.000000000 -0400

@@ -1,9 +1,10 @@

 # Installation directories.

+PYTHON ?= python

 PREFIX ?= $(DESTDIR)/usr

 LIBDIR ?= $(PREFIX)/lib

 SHLIBDIR ?= $(DESTDIR)/lib

 INCLUDEDIR ?= $(PREFIX)/include

-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')

+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')

 PYINC ?= /usr/include/$(PYLIBVER)

 PYLIB ?= /usr/lib/$(PYLIBVER)

 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)

@@ -23,13 +24,13 @@ SWIGIF= selinuxswig_python.i selinuxswig

 SWIGRUBYIF= selinuxswig_ruby.i

 SWIGCOUT= selinuxswig_wrap.c

 SWIGRUBYCOUT= selinuxswig_ruby_wrap.c

-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) 

+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) 

 SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) 

-SWIGSO=_selinux.so

+SWIGSO=$(PYPREFIX)_selinux.so

 SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i

 SWIGRUBYSO=_rubyselinux.so

 LIBSO=$(TARGET).$(LIBVERSION)

-AUDIT2WHYSO=audit2why.so

+AUDIT2WHYSO=$(PYPREFIX)audit2why.so

 ifeq ($(DISABLE_AVC),y)

 	UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c

@@ -91,10 +92,10 @@ $(LIBPC): $(LIBPC).in

 selinuxswig_python_exception.i: ../include/selinux/selinux.h

 	bash exception.sh > $@ 

-audit2why.lo: audit2why.c

+$(PYPREFIX)audit2why.lo: audit2why.c

 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<

-$(AUDIT2WHYSO): audit2why.lo

+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo

 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@

 %.o:  %.c policy.h

@@ -123,8 +124,8 @@ install: all 

 install-pywrap: pywrap

 	test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux

-	install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux

-	install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux

+	install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so

+	install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so

 	install -m 644  selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py

 install-rubywrap: rubywrap

diff -up libselinux-2.0.96/src/matchpathcon.c.rhat libselinux-2.0.96/src/matchpathcon.c

--- libselinux-2.0.96/src/matchpathcon.c.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/matchpathcon.c	2010-08-04 15:21:39.000000000 -0400

@@ -2,6 +2,7 @@

 #include <string.h>

 #include <errno.h>

 #include <stdio.h>

+#include <syslog.h>

 #include "selinux_internal.h"

 #include "label_internal.h"

 #include "callbacks.h"

@@ -57,7 +58,7 @@ static void

 {

 	va_list ap;

 	va_start(ap, fmt);

-	vfprintf(stderr, fmt, ap);

+	vsyslog(LOG_ERR, fmt, ap);

 	va_end(ap);

 }

diff -up libselinux-2.0.96/src/selinuxswig_python.i.rhat libselinux-2.0.96/src/selinuxswig_python.i

--- libselinux-2.0.96/src/selinuxswig_python.i.rhat	2010-06-16 08:03:39.000000000 -0400

+++ libselinux-2.0.96/src/selinuxswig_python.i	2010-08-23 10:27:44.000000000 -0400

@@ -45,7 +45,7 @@ def install(src, dest):

 	PyObject* list = PyList_New(*$2);

 	int i;

 	for (i = 0; i < *$2; i++) {

-		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));

+		PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]));

 	}

 	$result = SWIG_Python_AppendOutput($result, list);

 }

@@ -74,7 +74,9 @@ def install(src, dest):

 			len++;

 		plist = PyList_New(len);

 		for (i = 0; i < len; i++) {

-			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));

+			PyList_SetItem(plist, i, 

+                                       PyBytes_FromString((*$1)[i])

+                                       );

 		}

 	} else {

 		plist = PyList_New(0);

@@ -91,7 +93,9 @@ def install(src, dest):

 	if (*$1) {

 		plist = PyList_New(result);

 		for (i = 0; i < result; i++) {

-			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));

+			PyList_SetItem(plist, i, 

+                                       PyBytes_FromString((*$1)[i])

+                                       );

 		}

 	} else {

 		plist = PyList_New(0);

@@ -144,16 +148,20 @@ def install(src, dest):

 	$1 = (char**) malloc(size + 1);

 	for(i = 0; i < size; i++) {

-		if (!PyString_Check(PySequence_GetItem($input, i))) {

-			PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");

+		if (!PyBytes_Check(PySequence_GetItem($input, i))) {

+			PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");

+

 			return NULL;

 		}

+

 	}

 	for(i = 0; i < size; i++) {

 		s = PySequence_GetItem($input, i);

-		$1[i] = (char*) malloc(PyString_Size(s) + 1);

-		strcpy($1[i], PyString_AsString(s));

+

+		$1[i] = (char*) malloc(PyBytes_Size(s) + 1);

+		strcpy($1[i], PyBytes_AsString(s));

+

 	}

 	$1[size] = NULL;

 }