From da867f68b2f7c94cbc6a455ba7033871e2e536f9 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 19 Nov 2012 16:10:27 -0500
Subject: [PATCH] policycoreutils: semanage: good error message is sepolgen
 python module missing

We only need the sepolgen python module if we are setting up permissive
types.  As this has been removed from the core code in Fedora/RHEL we
include a better user error message pointing them how to find the
required module.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
---
 policycoreutils/semanage/semanage    | 4 ++--
 policycoreutils/semanage/seobject.py | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index f4602a9c..6e33c855 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -375,8 +375,8 @@ Object-specific Options (see above):
 			OBJECT = seobject.moduleRecords(store)
 
 		if object == "permissive":
-			OBJECT = seobject.permissiveRecords(store)
-		
+                       OBJECT = seobject.permissiveRecords(store)
+
 		if object == "dontaudit":
                         OBJECT = seobject.dontauditClass(store)
 
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 3a7bb8bf..85bc37f4 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -27,7 +27,6 @@ PROGNAME = "policycoreutils"
 import sepolicy
 from sepolicy import boolean_desc, boolean_category, gen_bool_dict
 gen_bool_dict()
-import sepolgen.module as module
 from IPy import IP
 
 import gettext
@@ -258,7 +257,7 @@ class semanageRecords:
 
 class moduleRecords(semanageRecords):
 	def __init__(self, store):
-               semanageRecords.__init__(self, store)
+	       semanageRecords.__init__(self, store)
 
 	def get_all(self):
                l = []
@@ -375,6 +374,11 @@ class permissiveRecords(semanageRecords):
 
 	def add(self, type):
                import glob
+	       try:
+		       import sepolgen.module as module
+	       except ImportError:
+		       raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
+		
                name = "permissive_%s" % type
                dirname = "/var/lib/selinux"
                os.chdir(dirname)