dd new restorecond service

policycoreutils-rhat.patch

@@ -2177,7 +2177,7 @@ index 0000000..eeb2218
 +and
 +.I Thomas Liu <tliu@fedoraproject.org>
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..ff61262 100644
+index ec692e7..e3fa6bd 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
 @@ -1,28 +1,35 @@
@@ -2683,7 +2683,7 @@ index ec692e7..ff61262 100644
 +
 +	rc = 0;
 +err:
-+	fclose(fp)
++	fclose(fp);
 +	free(str);
 +	free(mem);
 +	free(cgroupname);

policycoreutils.spec

@@ -23,6 +23,7 @@ Source7: selinux-polgengui.console
 Source8: policycoreutils_man_ru2.tar.bz2
 Source9: semanage-bash-completion.sh
 Patch:	 policycoreutils-rhat.patch
+Source10: restorecond.service
 Patch1:	 policycoreutils-po.patch
 Patch3:	 policycoreutils-gui.patch
 Patch4:	 policycoreutils-sepolgen.patch
@@ -36,9 +37,11 @@ BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libse
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
 BuildRequires: python-devel
 Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
+BuildRequires:  systemd-units
 Requires: libsepol >= %{libsepolver} coreutils checkpolicy  libselinux-utils >=  %{libselinuxver}
-Requires(post): /sbin/chkconfig
-Requires(preun): /sbin/service  /sbin/chkconfig
+Requires(post): systemd-units systemd-sysv chkconfig 
+Requires(preun): systemd-units /sbin/service
+Requires(postun): systemd-units
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -71,7 +74,7 @@ make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optfla
 
 %install
 rm -rf %{buildroot}
-mkdir -p %{buildroot}/etc/rc.d/init.d
+mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
 mkdir -p %{buildroot}/var/lib/selinux
 mkdir -p %{buildroot}%{_bindir}
 mkdir -p %{buildroot}%{_sbindir}
@@ -87,6 +90,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
 cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
 
 make LSPP_PRIV=y  DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
+# Systemd 
+mkdir -p %{buildroot}%{_unitdir}
+install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
+rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
+
 make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
 
 install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
@@ -302,7 +310,6 @@ rm -rf %{buildroot}
 %package restorecond
 Summary: SELinux restorecond utilities
 Group:	 System Environment/Base
-Requires(post): /sbin/chkconfig
 
 %description restorecond
 The policycoreutils-restorecond package contains the restorecond service.
@@ -310,38 +317,47 @@ The policycoreutils-restorecond package contains the restorecond service.
 %files restorecond
 %defattr(-,root,root,-)
 %{_sbindir}/restorecond
-%attr(755,root,root) /etc/rc.d/init.d/restorecond
-%config(noreplace) /etc/selinux/restorecond.conf
-%config(noreplace) /etc/selinux/restorecond_user.conf
+%{_unitdir}/restorecond.service
+%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
+%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
 %{_sysconfdir}/xdg/autostart/restorecond.desktop
 %{_datadir}/dbus-1/services/org.selinux.Restorecond.service
 %{_mandir}/man8/restorecond.8*
 %{_mandir}/ru/man8/restorecond.8*
 
-%preun restorecond
-if [ $1 -eq 0 ]; then
-   /sbin/service restorecond stop > /dev/null 2>&1
-   /sbin/chkconfig --del restorecond
-fi
-exit 0
-
 %post restorecond
-/sbin/chkconfig --add restorecond
-exit 0
+if [ $1 -eq 1 ] ; then
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
+%preun restorecond
+if [ $1 = 0 ]; then
+  /bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
+  /bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
+fi
 
 %postun restorecond
-if [ "$1" -ge "1" ]; then 
-   [ -x /sbin/service ] && /sbin/service restorecond condrestart  > /dev/null
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 fi
-exit 0
+
+%triggerun -- restorecond < 2.0.86-13
+%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
+/bin/systemctl enable restorecond.service >/dev/null 2>&1
+/sbin/chkconfig --del restorecond >/dev/null 2>&1 || :
+/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
-* Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-15
+* Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
 - Add -C option to sandbox and seunshare to maintain capabilities, otherwise 
 the bounding set will be dropped.
 - Change --cgroups short name -c rather then -C for consistancy
 - Fix memory and fd leaks in seunshare
 
+* Wed Jun 29 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.0.86-15
+- Introduce systemd unit file for restorecond drop SysV support
+
 * Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
 - Do not drop capability bounding set in seunshare, this allows sandbox to 
 - run setuid apps.

restorecond.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Restorecon maintaining path file context
+After=syslog.target 
+ConditionPathExists=/etc/selinux/restorecond.conf
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecond
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target