Add SELinux permissive domains to fedora kernels

I know its way late but I'd like to add a new SELinux concept to the F9 kernels. Its going to be a backport of a couple of my changesets headed upstream http://git.kernel.org/?p=linux/kernel/git/jmorris/selinux-2.6.git;a=commi... http://git.kernel.org/?p=linux/kernel/git/jmorris/selinux-2.6.git;a=commi... http://git.kernel.org/?p=linux/kernel/git/jmorris/selinux-2.6.git;a=commi... Only the third patch is truly interesting. A permissive domain is a new concept in which a sysadmin can say that a given domain is free to do anything it wants. Lets say a user seriously customized httpd and they want httpd to just be allowed to run wild while still keeping enforcing for everything else in the system. With the kernel patch I want to commit and the userspace changes dan has already pushed this week they just need a simple policy which says "permissive httpd_t" and all their httpd_t denials become allows! One of the upstream patches adds a BUG_ON() but I'm still a teensy bit scared of it so in the F9 patch I'll probably make it a WARN_ON since it isn't really deadly to the kernel... anyway. Chances of regression here are very very low. I would just jam this in myself but we are getting really late and I wanted people to be able to tell me no before I did it. If noone strongly objects quickly expect to see a commit message early this week.... -Eric