diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.17.15/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/include/selinux/selinux.h 2004-10-22 13:23:55.405713888 -0400
@@ -62,6 +62,15 @@
 extern int setfilecon(const char *path, security_context_t con);
 extern int lsetfilecon(const char *path, security_context_t con);
 extern int fsetfilecon(int fd, security_context_t con);
+/* setfileflag marks a file context as customized. IE. a default setfiles
+ will not relabel it.
+*/
+/* The following bit constants can be used with flags */
+#define SELINUX_CUSTOMIZE 0 << 1
+extern int setfileflag(const char *path, int flag);
+extern int lsetfileflag(const char *path, int flag);
+extern int getfileflag(const char *path, int *flag);
+extern int lgetfileflag(const char *path, int *flag);
 /* Wrappers for the socket API */
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.17.15/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/src/getfilecon.c 2004-10-22 13:16:07.041916008 -0400
@@ -5,6 +5,7 @@
 #include
 #include
 #include
+#include
 #include "policy.h"
 int getfilecon(const char *path, security_context_t *context)
@@ -43,3 +44,15 @@
 *context = buf;
 return ret;
 }
+
+int getfileflag(const char *path, int *retflag)
+{
+ int flag=0;
+ int rc=0;
+ rc=lgetxattr(path, XATTR_NAME_SELINUX_FLAG, &flag, sizeof(flag));
+ if (rc==0)
+ *retflag=ntohl(flag);
+ else
+ *retflag=0;
+ return rc;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.17.15/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/src/lgetfilecon.c 2004-10-22 13:16:31.500197784 -0400
@@ -5,6 +5,7 @@
 #include
 #include
 #include
+#include
 #include "policy.h"
 int lgetfilecon(const char *path, security_context_t *context)
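Review bot: `SELINUX_CUSTOMIZE` is defined as `0 << 1`, which evaluates to 0, so the only flag this header offers sets no bit at all. utils/setfileflag.c later in the patch passes it to setfileflag() and therefore stores the same value that getfileflag() reports for "no flag". The comment says this flag is what stops a default setfiles run from relabeling a customized file, yet a consumer testing `flag & SELINUX_CUSTOMIZE` would never see it set. The definition presumably should be a parenthesized single bit, e.g. `#define SELINUX_CUSTOMIZE (1 << 0)`, where the parentheses also keep the expansion safe inside larger expressions. The header comment should additionally state the return convention of the four functions and that the argument is a bit mask.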
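Review bot: The success test `if (rc==0)` in getfileflag() does not match the xattr API: lgetxattr() returns the number of bytes read on success, so a stored 4-byte flag gives a positive rc, the else branch runs, and `*retflag` is always 0 while the byte count is returned to the caller. The function also calls lgetxattr() although it is the symlink-following counterpart of setfileflag(), which writes with setxattr(), so for a symlink the pair would act on different inodes. lgetfileflag() in src/lgetfilecon.c has the same return-value test and needs the same correction (keeping lgetxattr() there). A value whose length is not exactly 4 bytes should be rejected rather than decoded, and `uint32_t` matches what ntohl() operates on.

```c
int getfileflag(const char *path, int *retflag)
{
	uint32_t flag = 0;
	ssize_t rc;

	*retflag = 0;
	/* follow symlinks, mirroring setxattr() in setfileflag() */
	rc = getxattr(path, XATTR_NAME_SELINUX_FLAG, &flag, sizeof(flag));
	if (rc < 0)
		return -1;	/* errno left as set by getxattr() */
	if ((size_t)rc != sizeof(flag))
		return -1;	/* not a 4-byte flag word; do not decode it */
	*retflag = (int)ntohl(flag);
	return 0;
}
```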
@@ -43,3 +44,14 @@
 *context = buf;
 return ret;
 }
+int lgetfileflag(const char *path, int *retflag)
+{
+ int flag=0;
+ int rc=0;
+ rc=lgetxattr(path, XATTR_NAME_SELINUX_FLAG, &flag, sizeof(flag));
+ if (rc==0)
+ *retflag=ntohl(flag);
+ else
+ *retflag=0;
+ return rc;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.17.15/src/lsetfilecon.c
--- nsalibselinux/src/lsetfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/src/lsetfilecon.c 2004-10-22 13:16:53.540847096 -0400
@@ -5,9 +5,15 @@
 #include
 #include
 #include
+#include
 #include "policy.h"
 int lsetfilecon(const char *path, security_context_t context)
 {
 return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+int lsetfileflag(const char *path, int flag)
+{
+ int nflag=htonl(flag);
+ return lsetxattr(path, XATTR_NAME_SELINUX_FLAG, &nflag, sizeof(nflag), 0);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/policy.h libselinux-1.17.15/src/policy.h
--- nsalibselinux/src/policy.h 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/src/policy.h 2004-10-20 14:23:35.000000000 -0400
@@ -5,6 +5,7 @@
 /* xattr name for SELinux attributes. */
 #define XATTR_NAME_SELINUX "security.selinux"
+#define XATTR_NAME_SELINUX_FLAG "security.selinux.flag"
 /* Initial length guess for getting contexts. */
 #define INITCONTEXTLEN 255
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.17.15/src/setfilecon.c
--- nsalibselinux/src/setfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.17.15/src/setfilecon.c 2004-10-22 13:14:31.629420912 -0400
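Review bot: lsetfileflag() writes the caller's whole `int` as the attribute value, so setting one flag silently clears any other bit already stored, which does not fit the header's description of the argument as bit constants; setfileflag() in src/setfilecon.c does the same. If flags are meant to be combined, the setter needs to read the current word and OR the new bit in, or the header should state that the call replaces the entire flag word. The stored value is also better declared with a fixed width, `uint32_t nflag = htonl((uint32_t)flag);`, so that `sizeof(nflag)` is tied to the 4-byte format htonl() produces rather than to the platform's `int`.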
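Review bot: The new name `security.selinux.flag` is a separate attribute from `security.selinux`, and nothing in this patch says which permission check guards writes to it. Because the flag is meant to exempt a file from relabeling, a writer that may set it but may not relabel the file could pin a wrong label against a later setfiles run. It looks as if the kernel's generic handling of other `security.*` names, not the relabel checks applied to `security.selinux`, would decide who can write it, which should be confirmed. Once verified, I would add a comment above the define along the lines of `/* xattr holding per-file flags; writes are not mediated by the relabel checks on security.selinux */`.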
@@ -11,3 +11,8 @@
 {
 return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+int setfileflag(const char *path, int flag)
+{
+ int nflag=htonl(flag);
+ return setxattr(path, XATTR_NAME_SELINUX_FLAG, &nflag, sizeof(nflag), 0);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getfileflag.c libselinux-1.17.15/utils/getfileflag.c
--- nsalibselinux/utils/getfileflag.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.17.15/utils/getfileflag.c 2004-10-22 13:20:33.392424576 -0400
@@ -0,0 +1,24 @@
+#include
+#include
+#include
+#include
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+ int flag;
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = getfileflag(argv[i], &flag);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getfileflag(%s) failed\n", argv[0], argv[i]);
+ exit(2);
+ }
+ printf("%s\t%d\n", argv[i], flag);
+ }
+ exit(0);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setfileflag.c libselinux-1.17.15/utils/setfileflag.c
--- nsalibselinux/utils/setfileflag.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.17.15/utils/setfileflag.c 2004-10-22 13:22:31.436479152 -0400
@@ -0,0 +1,25 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+ int flag=SELINUX_CUSTOMIZE;
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = setfileflag(argv[i],flag);
+ if (rc < 0) {
+ fprintf(stderr, "%s: setfileflag(%s) failed: %s\n", argv[0], argv[i],strerror(errno));
+ exit(2);
+ }
+ }
+ exit(0);
+}
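Review bot: utils/getfileflag.c exits with status 2 at the first path for which getfileflag() returns a negative value, and a file that simply carries no flag attribute takes that path, so listing a mix of flagged and unflagged files stops at the first unflagged one. getfileflag() already stores 0 in `flag` on failure, which suggests a missing attribute is meant to read as "no flags". I would print 0 and continue when `errno == ENODATA` and fail only on other errors. The message also drops the cause, unlike utils/setfileflag.c; `fprintf(stderr, "%s: getfileflag(%s) failed: %s\n", argv[0], argv[i], strerror(errno));` would match it, given the errno and string headers that the other tool includes.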