- reverted patch for #400461 (not correct)

- fixed wrong %{chroot}/dev/* labelling during fresh system installation
    (#431202)

3 files changed, 17 insertions, 9 deletions

diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in
index 3a431d4..59f50e2 100644
--- a/bind-chroot-admin.in
+++ b/bind-chroot-admin.in
@@ -97,11 +97,6 @@ function check_dirs()
     [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] &&  [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";
     /bin/chown --preserve-root root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
     /bin/chmod --preserve-root 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
-    if selinux_enabled && [ -x /sbin/restorecon ]; then       
-       for dev in random zero null; do
-	   /sbin/restorecon ${BIND_CHROOT_PREFIX}/dev/$dev;
-       done
-    fi;
 }
 
 check_dirs;
@@ -264,7 +259,8 @@ function sync_files()
     chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
     if [ -e $changed ]; then
 	if selinux_enabled && [ -x /sbin/restorecon ]; then
-	   /sbin/restorecon -R ${BIND_CHROOT_PREFIX}/{dev,etc,var} >/dev/null 2>&1;
+# XXX Do not restorecon ${chroot}/dev/*, done in initscript (#431202)
+	   /sbin/restorecon -R ${BIND_CHROOT_PREFIX}/{etc,var} >/dev/null 2>&1;
 	   /sbin/restorecon /etc/named.*    >/dev/null 2>&1;
 	   /sbin/restorecon /etc/rndc.key   >/dev/null 2>&1;
 	   /sbin/restorecon /etc/rndc.conf  >/dev/null 2>&1;
diff --git a/bind.spec b/bind.spec
index ede1998..2fe82cb 100644
--- a/bind.spec
+++ b/bind.spec
@@ -20,7 +20,7 @@ Summary: 	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: 		bind
 License: 	ISC
 Version: 	9.5.0
-Release: 	25.%{RELEASEVER}%{?dist}
+Release: 	25.1.%{RELEASEVER}%{?dist}
 Epoch:   	32
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -253,7 +253,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
 %patch85 -p1 -b .libidn3
 %patch86 -p0 -b .CVE-2008-0122
 %patch87 -p1 -b .parallel
-%patch88 -p1 -b .transfer-segv
+#%patch88 -p1 -b .transfer-segv
 :;
 
 
@@ -410,7 +410,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int
   echo '@ in soa localhost. root 1 3H 15M 1W 1D
   ns localhost.' > sample/var/named/$f; 
 done
-/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.244 2008/02/04 13:10:39 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
+/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.245 2008/02/08 10:23:00 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
  *\
  * NOTE: you only need to create this file if it is to\
  * differ from the following default contents:
@@ -654,6 +654,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Fri Feb 08 2008 Adam Tkac <atkac redhat com> 32:9.5.0-25.1.b1
+- reverted patch for #400461 (not correct)
+- fixed wrong %{chroot}/dev/* labelling during fresh system installation
+  (#431202)
+
 * Mon Feb 04 2008 Adam Tkac <atkac redhat com> 32:9.5.0-25.b1
 - fixed segfault during sending notifies (#400461)
 - rebuild with gcc 4.3 series
diff --git a/named.init b/named.init
index 0629f2e..350a8f7 100755
--- a/named.init
+++ b/named.init
@@ -81,6 +81,13 @@ start()
 
   ckcf_options='-z'; # enable named-checkzone for each zone (9.3.1+) !
   if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
+# XXX There's no way how label devs correctly during installation because
+#     bind-chroot is installed before selinux-policy-targeted (#431202)
+    if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && [ -x /sbin/restorecon ]; then
+       for dev in random zero null; do
+           /sbin/restorecon ${ROOTDIR}/dev/$dev;
+       done
+    fi;
     OPTIONS="${OPTIONS} -t ${ROOTDIR}"
     ckcf_options="$ckcf_options -t ${ROOTDIR}";
     [ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime;