I have rewritten genhomedircon to work with the new local.users strategy.
First off I have added a new file homedir_template.
homedir_template is generated in the makefile by grepping for all 
HOME_DIR, HOME_ROOT, ROLEs defined in the file_contexts.

genhomedircon will generate a file_contexts/file_contexts.homedirs file

genhomedircon will generate only one HOME_ROOT based off the location in 
the /etc/default/useradd.

It will then get all unigue homedirs from getpwd calls, and generate 
entries for each homedir by replace the   HOME_DIRS entries  in 
homedir_template.

It will then read the users/local.users file and for each user with a 
role other than  user_r; entries will be generated

I am modifying matchpathcon to read file_context, file_context.homedirs 
and file_context.local in that order.

Once this is in place you can use a combination of genpolusers,  
genhomedircon and useradd to manage your SELinux user roles without
source policy.

Comments?


Dan