- reverted patch for #400461 (not correct)

- fixed wrong %{chroot}/dev/* labelling during fresh system installation
    (#431202)

bind-chroot-admin.in

@@ -97,11 +97,6 @@ function check_dirs()
     [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] &&  [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";
     /bin/chown --preserve-root root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
     /bin/chmod --preserve-root 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
-    if selinux_enabled && [ -x /sbin/restorecon ]; then       
-       for dev in random zero null; do
-	   /sbin/restorecon ${BIND_CHROOT_PREFIX}/dev/$dev;
-       done
-    fi;
 }
 
 check_dirs;
@@ -264,7 +259,8 @@ function sync_files()
     chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
     if [ -e $changed ]; then
 	if selinux_enabled && [ -x /sbin/restorecon ]; then
-	   /sbin/restorecon -R ${BIND_CHROOT_PREFIX}/{dev,etc,var} >/dev/null 2>&1;
+# XXX Do not restorecon ${chroot}/dev/*, done in initscript (#431202)
+	   /sbin/restorecon -R ${BIND_CHROOT_PREFIX}/{etc,var} >/dev/null 2>&1;
 	   /sbin/restorecon /etc/named.*    >/dev/null 2>&1;
 	   /sbin/restorecon /etc/rndc.key   >/dev/null 2>&1;
 	   /sbin/restorecon /etc/rndc.conf  >/dev/null 2>&1;

bind.spec

@@ -20,7 +20,7 @@ Summary: 	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: 		bind
 License: 	ISC
 Version: 	9.5.0
-Release: 	25.%{RELEASEVER}%{?dist}
+Release: 	25.1.%{RELEASEVER}%{?dist}
 Epoch:   	32
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -253,7 +253,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
 %patch85 -p1 -b .libidn3
 %patch86 -p0 -b .CVE-2008-0122
 %patch87 -p1 -b .parallel
-%patch88 -p1 -b .transfer-segv
+#%patch88 -p1 -b .transfer-segv
 :;
 
 
@@ -654,6 +654,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Fri Feb 08 2008 Adam Tkac <atkac redhat com> 32:9.5.0-25.1.b1
+- reverted patch for #400461 (not correct)
+- fixed wrong %{chroot}/dev/* labelling during fresh system installation
+  (#431202)
+
 * Mon Feb 04 2008 Adam Tkac <atkac redhat com> 32:9.5.0-25.b1
 - fixed segfault during sending notifies (#400461)
 - rebuild with gcc 4.3 series

named.init

@@ -81,6 +81,13 @@ start()
 
   ckcf_options='-z'; # enable named-checkzone for each zone (9.3.1+) !
   if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
+# XXX There's no way how label devs correctly during installation because
+#     bind-chroot is installed before selinux-policy-targeted (#431202)
+    if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && [ -x /sbin/restorecon ]; then
+       for dev in random zero null; do
+           /sbin/restorecon ${ROOTDIR}/dev/$dev;
+       done
+    fi;
     OPTIONS="${OPTIONS} -t ${ROOTDIR}"
     ckcf_options="$ckcf_options -t ${ROOTDIR}";
     [ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime;