>>
>> Converting setsebool to using libsemanage is the highest priority,
>> followed by a policy package that is based on refpolicy and that has the
>> necessary migration steps in its %post scriptlet. Everything else is
>> less critical to initial deployment in test1 IMHO.
>
> I'm not sure why it's so critical, given that we already have working
> boolean support in libselinux. However, if no one else is working on
> this, I can try to convert the permanent update (-P) to use
> libsemanage...

Patch attached.

Changes:
- move manpage and setsebools into policycoreutils package
- change manpage not to mention /etc/selinux/?/booleans
- link against libsemanage
- cleanup warnings exposed by -Werror in new Makefile
- implement preservebools=1 via a function similar to the selinux one
- always pass preservebools = 0 to the libselinux fn
- separate code paths for error and success (don't like fallthrough - error-prone)
- always return -1 on failure. I highly dislike any creativity with the
  return value. If I could change the retval of all the libselinux and
  libsepol code to be -1 on failure everywhere (or better...using the
  internal status codes), I would be very happy.

Note1: this does not yet work, because now load_policy tries to sabotage
my boolean load (by setting preservebools to 1 by default, and not
loading anything). What should I do about that? Should anything be done
at all, or should we respect the user load_policy flags in
/etc/selinux.conf? (which right now I see are undocumented...)

Note2: if I go and force libsemanage to pass -b flag, it works just
fine, but takes forever (10sec) to complete. It's not my fault, the
module expand function is just really really slow.