diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.17.15/include/selinux/selinux.h --- nsalibselinux/include/selinux/selinux.h 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/include/selinux/selinux.h 2004-10-21 16:28:18.194233008 -0400 @@ -62,6 +62,13 @@ extern int setfilecon(const char *path, security_context_t con); extern int lsetfilecon(const char *path, security_context_t con); extern int fsetfilecon(int fd, security_context_t con); +/* setfileconperm marks a file context as permanent. IE. a default setfiles + will not relabel it. +*/ +extern int setfileconperm(const char *path, int perm); +extern int lsetfileconperm(const char *path, int perm); +extern int getfileconperm(const char *path, int *perm); +extern int lgetfileconperm(const char *path, int *perm); /* Wrappers for the socket API */ diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.17.15/src/getfilecon.c --- nsalibselinux/src/getfilecon.c 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/src/getfilecon.c 2004-10-20 16:35:52.000000000 -0400 @@ -4,7 +4,7 @@ #include #include #include -#include +#include #include "policy.h" int getfilecon(const char *path, security_context_t *context) @@ -43,3 +43,9 @@ *context = buf; return ret; } + +int getfileconperm(const char *path, int *perm) +{ + *perm=0; + return getxattr(path, XATTR_NAME_SELINUX_PERM, perm, sizeof(*perm)); +} diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.17.15/src/lgetfilecon.c --- nsalibselinux/src/lgetfilecon.c 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/src/lgetfilecon.c 2004-10-20 16:29:56.000000000 -0400 @@ -4,7 +4,7 @@ #include #include #include -#include +#include #include "policy.h" int lgetfilecon(const char *path, security_context_t *context) 
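Review bot: The comment added above `setfileconperm` in selinux.h does not say what values `perm` takes, what the four functions return, or what `getfileconperm` reports for a file that was never marked. Because the flag exempts a file from relabeling, callers need that contract spelled out; I would replace it with something like `/* setfileconperm stores a flag (nonzero = permanent) telling a default setfiles run not to relabel the file; returns -1 with errno set on failure. */`. There is also no fd-based variant next to `fsetfilecon`, so a caller that already holds an open file can only set or query the flag by path.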
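Review bot: `getfileconperm` in src/getfilecon.c hands the raw `getxattr` result back, so a file that simply has no `security.selinux.perm` attribute is reported as an error rather than as `perm == 0`, and success returns a byte count rather than 0. The read is not length-checked either, so a stored value shorter than `sizeof(int)` leaves `*perm` only partly filled. Treating a missing attribute as "not marked" and validating the size makes the flag safer to consult from relabeling tools. `lgetfileconperm` in src/lgetfilecon.c has the same shape and needs the same change with `lgetxattr`. The sketch below assumes `<errno.h>` is included in the file.

```c
int getfileconperm(const char *path, int *perm)
{
	int value = 0;
	ssize_t ret;

	*perm = 0;
	ret = getxattr(path, XATTR_NAME_SELINUX_PERM, &value, sizeof(value));
	if (ret < 0)
		return (errno == ENODATA) ? 0 : -1;	/* no attribute: not marked */
	if ((size_t)ret != sizeof(value)) {
		errno = EINVAL;	/* unexpected on-disk size */
		return -1;
	}
	*perm = value;
	return 0;
}
```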
@@ -43,3 +43,8 @@ *context = buf; return ret; } +int lgetfileconperm(const char *path, int *perm) +{ + *perm=0; + return lgetxattr(path, XATTR_NAME_SELINUX_PERM, perm, sizeof(*perm)); +} diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.17.15/src/lsetfilecon.c --- nsalibselinux/src/lsetfilecon.c 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/src/lsetfilecon.c 2004-10-21 16:49:41.127197552 -0400 @@ -11,3 +11,7 @@ { return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0); } +int lsetfileconperm(const char *path, int perm) +{ + return setxattr(path, XATTR_NAME_SELINUX_PERM, &perm, sizeof(perm), 0); +} diff --exclude-from=exclude -N -u -r nsalibselinux/src/policy.h libselinux-1.17.15/src/policy.h --- nsalibselinux/src/policy.h 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/src/policy.h 2004-10-20 14:23:35.000000000 -0400 @@ -5,6 +5,7 @@ /* xattr name for SELinux attributes. */ #define XATTR_NAME_SELINUX "security.selinux" +#define XATTR_NAME_SELINUX_PERM "security.selinux.perm" /* Initial length guess for getting contexts. */ #define INITCONTEXTLEN 255 diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.17.15/src/setfilecon.c --- nsalibselinux/src/setfilecon.c 2004-10-20 16:31:36.000000000 -0400 +++ libselinux-1.17.15/src/setfilecon.c 2004-10-21 16:49:31.985587288 -0400 @@ -11,3 +11,7 @@ { return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0); } +int setfileconperm(const char *path, int perm) +{ + return setxattr(path, XATTR_NAME_SELINUX_PERM, &perm, sizeof(perm), 0); +} diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getfileconperm.c libselinux-1.17.15/utils/getfileconperm.c --- nsalibselinux/utils/getfileconperm.c 1969-12-31 19:00:00.000000000 -0500 +++ libselinux-1.17.15/utils/getfileconperm.c 2004-10-20 16:25:47.000000000 -0400 
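Review bot: `lsetfileconperm` in src/lsetfilecon.c calls `setxattr`, which follows symbolic links, while the `lsetfilecon` shown as context just above it uses `lsetxattr`. As written, marking a symlink puts the permanent flag on the link's target instead of the link, and that target is then skipped by a default relabel. The call should be `return lsetxattr(path, XATTR_NAME_SELINUX_PERM, &perm, sizeof(perm), 0);`.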
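Review bot: `setfileconperm` in src/setfilecon.c writes the bytes of a host `int` as the attribute value, so the on-disk format depends on the machine's byte order and `int` width, and `perm == 0` stores a zero-valued attribute instead of removing the mark. A fixed one-byte value would stay readable when a filesystem moves between architectures, e.g. `unsigned char v = perm ? 1 : 0;` followed by `return setxattr(path, XATTR_NAME_SELINUX_PERM, &v, sizeof(v), 0);`, with the readers changed to match. `lsetfileconperm` in src/lsetfilecon.c stores the value the same way. Separately, nothing in this patch shows which permission check governs writes to `security.selinux.perm`; since the flag suppresses relabeling, that check should be confirmed to be at least as strict as the one for relabeling the file.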
@@ -0,0 +1,24 @@
+#include
+#include
+#include
+#include
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+ int perm;
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = getfileconperm(argv[i], &perm);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getfileconperm(%s) failed\n", argv[0], argv[i]);
+ exit(2);
+ }
+ printf("%s\t%d\n", argv[i], perm);
+ }
+ exit(0);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setfileconperm.c libselinux-1.17.15/utils/setfileconperm.c
--- nsalibselinux/utils/setfileconperm.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.17.15/utils/setfileconperm.c 2004-10-21 16:50:46.098320440 -0400
@@ -0,0 +1,25 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = setfileconperm(argv[i],1);
+ if (rc < 0) {
+ fprintf(stderr, "%s: setfileconperm(%s) failed: %s\n", argv[0], argv[i],strerror(errno));
+ exit(2);
+ }
+ }
+ exit(0);
+}
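Review bot: The error path in the loop of utils/getfileconperm.c prints `getfileconperm(%s) failed` without the reason, whereas the setfileconperm utility in this same patch appends `strerror(errno)`. I would make it `fprintf(stderr, "%s: getfileconperm(%s) failed: %s\n", argv[0], argv[i], strerror(errno));` and add the `<string.h>` and `<errno.h>` includes. Note also that `exit(2)` on the first failure stops the listing, and with `getfileconperm` as written any path lacking the attribute counts as such a failure.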
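Review bot: utils/setfileconperm.c always calls `setfileconperm(argv[i],1)`, so there is no command-line way to clear a mark once it is set, and neither the usage string nor any comment says what the tool does. Since a marked file is skipped by a default relabel, an administrator needs a supported way to undo the mark; an option that passes 0 (or removes the attribute) would cover that. At minimum I would add a header comment such as `/* setfileconperm: mark each PATH permanent so a default setfiles run will not relabel it. */` and extend the usage text to say the same.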