authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-apps/policycoreutils
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-apps/policycoreutils')
-rw-r--r--sys-apps/policycoreutils/Manifest8
-rw-r--r--sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch61
-rw-r--r--sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch9
-rw-r--r--sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch108
-rw-r--r--sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch14
-rw-r--r--sys-apps/policycoreutils/files/0040-reverse-access-check-in-run_init.patch12
-rw-r--r--sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch11
-rw-r--r--sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch64
-rw-r--r--sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch11
-rw-r--r--sys-apps/policycoreutils/metadata.xml24
-rw-r--r--sys-apps/policycoreutils/policycoreutils-2.2.5-r4.ebuild156
-rw-r--r--sys-apps/policycoreutils/policycoreutils-2.3-r3.ebuild154
-rw-r--r--sys-apps/policycoreutils/policycoreutils-2.4-r1.ebuild159
-rw-r--r--sys-apps/policycoreutils/policycoreutils-2.4.ebuild147
-rw-r--r--sys-apps/policycoreutils/policycoreutils-9999.ebuild191
15 files changed, 1129 insertions, 0 deletions
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest
new file mode 100644
index 000000000000..b62aabfc9e14
--- /dev/null
+++ b/sys-apps/policycoreutils/Manifest
@@ -0,0 +1,8 @@
+DIST patchbundle-policycoreutils-2.2.5-gentoo-r1.tar.gz 7287 SHA256 cb6915c46a5e6789f95ac254d34b1d890055b31ded61596ffb5bf925aa8c446a SHA512 be6eeaf4927d80f2c198ecc4fbe88a3e960380a0de532155eff3a12157df0615e7b3ffbc09e984df08fb32ce5b62f75147559a093b620a98d9ff836ad07b18b0 WHIRLPOOL de7e0348abc45713ede926d79f26bb8590c41db6f984ff8f29a01b933f6e3c38531682f10a0d7de73f8b26994ac9a476bd9d54fc36fb45689f7ad9eca5206f09
+DIST patchbundle-policycoreutils-3.tar.gz 7294 SHA256 44db261c87f583a7620690fc5041d8a21b1c935e741fe7b594aa2cc958e3deb7 SHA512 24e4c73e97441a1042618f6a4179d71672c81f821ffc2f97a54116bf6b33a93bd7f3e2030dbdb362da5e2a7d8936604e5b0283261c7b2447cc4f7594966c73bc WHIRLPOOL d38416ff9707d7d2bbf04f5d582944a87d27de06f3d70677341d38dacc6501dd78ef01fd8a7bb044d49b1f2a8c95181e2cb1b4b81dae49819409dbcf9d7abcb7
+DIST policycoreutils-2.2.5.tar.gz 4948944 SHA256 bbf850a8c3c2f371f439d6525663eecdd3a737acd594d2f27f8d8f3a07830cc4 SHA512 88a32fbbede56f3e717394f134212ed9df9b06cbb5532168ccc03ef2a465f4320b54a561348ea5c319b5b641f7661565ad29fbdc5aae50190a6d21d076cf2c3f WHIRLPOOL 0eb0e0c7e1fc1514cb28bbda7a10066ad23a9ccfecc92dee606e3f0e71632e07fe1c4ba7ac89993adf15e9520fc9e527e16d623d56b4e96cc882bf82dea4cb14
+DIST policycoreutils-2.3.tar.gz 4984980 SHA256 864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2 SHA512 3256849d13856ec47ac85470632a57e26952c5dafffb51df4eb8e32467196ff3ef725cc582798727fe45fd6284c1893d12eae2c89088ae1758ad39faec385659 WHIRLPOOL 1dd9bfd67ebb744b8c47144966f09d8361e9018e8d941355080c274b9ac891c18eb95771f3dc8b136683224bc5f12f3fb58fa00666b5815d65e7141c31d9293d
+DIST policycoreutils-2.4.tar.gz 5004280 SHA256 b819f876f12473783ccce9f63b9a79cd77177477cd6d46818441f808cc4c3479 SHA512 0eb0ea569c1699ed78e5e9798d9f182b3a8bfa6dcd387bcc78923755b3a1cad982673db88857745154d3769d44402b87e52d5fe3024874001f61f783aa25cce6 WHIRLPOOL d101080973ef6248617b5bca9d8b76e59008061b3411aec4ed95343af09b941a34acb3bb0001da5468595c4c37684ab6f34204e18ccb3cbbd5b3d31df0cb5e7f
+DIST policycoreutils-extra-1.31.tar.bz2 16080 SHA256 ad0a78d96fd01aa51fe774e1701bd23934cd72182b2bad68112006f0ea17cc7b SHA512 520f93f1a2ce3c60a1d192b09cb9a968d207fbc6ab1f01861be95a50b65264f706335620ccbca48ce38f81581a4cf5128e5db9e5b0564460c9f05f04038abfba WHIRLPOOL 56e713b9bd8f1af1496f383f45f1ef8d373b3f45148237bfd28c016f4becaa87d932b363d165b46c657ea3a08503e7bc60b1c5a5a2a814a659770bedf33d4202
+DIST policycoreutils-extra-1.33.tar.bz2 16191 SHA256 743c3930277102f5545907314b21e98955e88be7972e30264c6cb5dca370b788 SHA512 3f6f19ae33d5b1043f2979fb3e79bc061767f7051cbd0981e5c5663b4391fa29544b2184b384c9fce7b4100623bc776748d77a01865dcee78b0756d73ee10886 WHIRLPOOL e74b9c3a6dff563b81bf3ce85119fbdfc658191ac063763f2916a7dcd90584f98cbccd1d6cd5ef3aecb00366a82c949c62ab9b907cb98800cb53d3e9ab63b492
+DIST policycoreutils-extra-1.34.tar.bz2 12107 SHA256 56ae2aac57bf104d6a8a7837b25de7978b25e0642744ef95e6e6d483201aa4ca SHA512 b1db6d70cf864023f22583e5bd24c85e796f1541f9c1bc878dd55309464b27346e05e414db3ef81bef2dfe8c8d7d7063ee7e0422878f38a3db56c67d9468b89d WHIRLPOOL 8b094818bed0e438ce4258428afa054cb561f53e303d84e171881add5952cfc0fa577bce2765294905dac8ddd5560906904958f35c96afce0f357feb5333646d
diff --git a/sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch b/sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch
new file mode 100644
index 000000000000..6ed451649e3e
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch
@@ -0,0 +1,61 @@
+From 7a09af2123bc0d86787ef82fc2ff43810f1712c0 Mon Sep 17 00:00:00 2001
+From: Steve Lawrence <slawrence@tresys.com>
+Date: Wed, 19 Nov 2014 11:21:42 -0500
+Subject: [PATCH 1/2] policycoreutils: pp: add roletype statements for both
+ declared and required type/typeattributes
+
+Currently, roletype statements are only added for types when they are
+declared (not required). This means that in policy like:
+
+ require {
+ type foo_t;
+ }
+ type bar_t;
+ role staff_r types foo_t, bar_t;
+
+only bar_t is associated with staff_r. This patch moves the code that
+generates roletype statements for types to outside the SCOPE_DECL check
+so that roletype statements are generated for all types, regardless of
+the required/declared scope. It further moves the code outside of the
+type/typeattribute flavor check so that roletype statements are also
+generated for typeattributes.
+
+Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
+Signed-off-by: Steve Lawrence <slawrence@tresys.com>
+Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+Tested-by: Jason Zaman <jason@perfinion.com>
+---
+ policycoreutils/hll/pp/pp.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
+index b1ef27f..4b9f310 100644
+--- a/policycoreutils/hll/pp/pp.c
++++ b/policycoreutils/hll/pp/pp.c
+@@ -2083,6 +2083,11 @@ static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
+ cil_println(indent, "(typeattributeset " GEN_REQUIRE_ATTR " %s)", key);
+ }
+
++ rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
++ if (rc != 0) {
++ goto exit;
++ }
++
+ switch(type->flavor) {
+ case TYPE_TYPE:
+ if (scope == SCOPE_DECL) {
+@@ -2090,11 +2095,6 @@ static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
+ // object_r is implicit in checkmodule, but not with CIL,
+ // create it as part of base
+ cil_println(indent, "(roletype " DEFAULT_OBJECT " %s)", key);
+-
+- rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
+- if (rc != 0) {
+- goto exit;
+- }
+ }
+
+ if (type->flags & TYPE_FLAGS_PERMISSIVE) {
+--
+2.0.4
+
diff --git a/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch
new file mode 100644
index 000000000000..52a34bd1f47b
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch
@@ -0,0 +1,9 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:13:23.212622408 +0200
++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:14:24.136624808 +0200
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+
+ INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+
diff --git a/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch
new file mode 100644
index 000000000000..a3eeaed901d5
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch
@@ -0,0 +1,108 @@
+diff -uNr policycoreutils-2.2.1.orig/newrole/Makefile policycoreutils-2.2.1/newrole/Makefile
+--- policycoreutils-2.2.1.orig/newrole/Makefile 2013-11-04 21:37:27.197018032 +0100
++++ policycoreutils-2.2.1/newrole/Makefile 2013-11-04 21:37:47.602018075 +0100
+@@ -4,8 +4,8 @@
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR = /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH ?= no
++AUDITH ?= no
+ # Enable capabilities to permit newrole to generate audit records.
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
+@@ -24,7 +24,7 @@
+ EXTRA_OBJS =
+ override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ override CFLAGS += -DUSE_PAM
+ EXTRA_OBJS += hashtab.o
+ LDLIBS += -lpam -lpam_misc
+@@ -32,7 +32,7 @@
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
+@@ -49,7 +49,7 @@
+ IS_SUID=y
+ endif
+ ifeq ($(IS_SUID),y)
+- MODE := 4555
++ MODE := 0555
+ LDLIBS += -lcap-ng
+ else
+ MODE := 0555
+@@ -66,7 +66,7 @@
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ install -m $(MODE) newrole $(BINDIR)
+ install -m 644 newrole.1 $(MANDIR)/man1/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ ifeq ($(LSPP_PRIV),y)
+ install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+diff -uNr policycoreutils-2.2.1.orig/run_init/Makefile policycoreutils-2.2.1/run_init/Makefile
+--- policycoreutils-2.2.1.orig/run_init/Makefile 2013-11-04 21:37:27.115018032 +0100
++++ policycoreutils-2.2.1/run_init/Makefile 2013-11-04 21:37:47.603018075 +0100
+@@ -5,20 +5,20 @@
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR ?= /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH ?= no
++AUDITH ?= no
+
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ override CFLAGS += -DUSE_PAM
+ LDLIBS += -lpam -lpam_misc
+ else
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
+@@ -38,7 +38,7 @@
+ install -m 755 open_init_pty $(SBINDIR)
+ install -m 644 run_init.8 $(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(MANDIR)/man8/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ endif
+
+diff -uNr policycoreutils-2.2.1.orig/setfiles/Makefile policycoreutils-2.2.1/setfiles/Makefile
+--- policycoreutils-2.2.1.orig/setfiles/Makefile 2013-11-04 21:37:27.198018032 +0100
++++ policycoreutils-2.2.1/setfiles/Makefile 2013-11-04 21:37:47.603018075 +0100
+@@ -3,7 +3,7 @@
+ SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR = $(PREFIX)/share/man
+ LIBDIR ?= $(PREFIX)/lib
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++AUDITH ?= no
+
+ PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
+ ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
+@@ -12,7 +12,7 @@
+ override CFLAGS += -I$(PREFIX)/include
+ LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
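Review bot: The newrole/Makefile hunk that changes `MODE := 4555` to `MODE := 0555` under `ifeq ($(IS_SUID),y)` is not covered by the patch's name and carries no explanation. Both branches now install 0555, while the Makefile comment a few lines above still says the audit option "will make newrole a setuid root program". If dropping the setuid bit is intended (presumably the privilege is granted some other way, which is not visible on this page), record it in a header at the top of the patch, e.g. `# Gentoo: never install newrole setuid; <how CAP_AUDIT_WRITE is granted instead>`, so the reduction can be audited. The IS_SUID branch still adds `-lcap-ng`, so the binary is built expecting privileges its install mode no longer provides.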
diff --git a/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch
new file mode 100644
index 000000000000..6a31e255a952
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch
@@ -0,0 +1,14 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:22:45.230644554 +0200
++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:27:08.642654934 +0200
+@@ -1,8 +1,8 @@
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+
+-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
++INOTIFYH ?= no
+
+-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
++ifeq (${INOTIFYH}, yes)
+ SUBDIRS += restorecond
+ endif
+
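Review bot: The switch values are spelled inconsistently across this commit: this patch tests `ifeq (${INOTIFYH}, yes)` with a default of `no`, and 0020 does the same for `PAMH` and `AUDITH`. The context line in 0110 expects `INOTIFYH ?= n`, and the 2.2.5-r4 and 2.3-r3 ebuilds pass `y`/`n` (`INOTIFYH="${use_dbus}"`, `PAMH="${use_pam}"`, `AUDITH="${use_audit}"`). Those two ebuilds take their patches from a bundle rather than from these files, and the 2.4-r1 compile phase is outside the visible page, so whether the mismatch is live cannot be confirmed here. If 2.4-r1 also passes `y`, restorecond, PAM and audit support would be silently left out whatever the USE flags say. Pick one spelling and use it in the Makefile tests, the `?=` defaults and the ebuilds.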
diff --git a/sys-apps/policycoreutils/files/0040-reverse-access-check-in-run_init.patch b/sys-apps/policycoreutils/files/0040-reverse-access-check-in-run_init.patch
new file mode 100644
index 000000000000..f53b456720ef
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0040-reverse-access-check-in-run_init.patch
@@ -0,0 +1,12 @@
+diff -uNr policycoreutils-2.2.1.orig/run_init/run_init.c policycoreutils-2.2.1/run_init/run_init.c
+--- policycoreutils-2.2.1.orig/run_init/run_init.c 2013-11-04 21:40:27.490018417 +0100
++++ policycoreutils-2.2.1/run_init/run_init.c 2013-11-04 21:40:57.088018480 +0100
+@@ -406,7 +406,7 @@
+ new_context);
+ exit(-1);
+ }
+- if (! access("/usr/sbin/open_init_pty", X_OK)) {
++ if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
+ if (execvp(argv[1], argv + 1)) {
+ perror("execvp");
+ exit(-1);
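Review bot: The patch gives no reason for inverting the test, and the branch it guards is a silent fallback: when `access("/usr/sbin/open_init_pty", X_OK)` fails, run_init executes `argv[1]` directly instead of going through the helper. A short header in the patch and a comment at the test, such as `/* open_init_pty missing or not executable: fall back to running the command directly */`, would make that downgrade visible to anyone auditing the file. The rest of the function, including the branch that uses open_init_pty, is outside the hunk.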
diff --git a/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch
new file mode 100644
index 000000000000..7d438983bb7e
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch
@@ -0,0 +1,11 @@
+diff -uNr policycoreutils-2.2.1.orig/load_policy/Makefile policycoreutils-2.2.1/load_policy/Makefile
+--- policycoreutils-2.2.1.orig/load_policy/Makefile 2013-11-04 21:41:28.289018546 +0100
++++ policycoreutils-2.2.1/load_policy/Makefile 2013-11-04 21:43:31.118018808 +0100
+@@ -19,7 +19,6 @@
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(USRSBINDIR)
+- -ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy
+
+ clean:
+ -rm -f $(TARGETS) *.o
diff --git a/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch
new file mode 100644
index 000000000000..68033c705cd5
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch
@@ -0,0 +1,64 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:31:19.563664821 +0200
++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:32:25.900667435 +0200
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll mcstrans
+
+ INOTIFYH ?= n
+
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile policycoreutils-2.4-rc2/mcstrans/src/Makefile
+--- policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile 2014-08-28 20:31:19.562664821 +0200
++++ policycoreutils-2.4-rc2/mcstrans/src/Makefile 2014-08-28 20:33:39.345670329 +0200
+@@ -1,23 +1,10 @@
+ ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+- # In case of 64 bit system, use these lines
+- LIBDIR=/usr/lib64
+-else
+-ifeq "$(ARCH)" "i686"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+ INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+ SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
++LIBDIR ?= $(PREFIX)/lib
+
+ PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
+ PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile policycoreutils-2.4-rc2/mcstrans/utils/Makefile
+--- policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile 2014-08-28 20:31:19.556664821 +0200
++++ policycoreutils-2.4-rc2/mcstrans/utils/Makefile 2014-08-28 20:34:14.145671701 +0200
+@@ -3,22 +3,7 @@
+ BINDIR ?= $(PREFIX)/sbin
+
+ ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+- # In case of 64 bit system, use these lines
+- LIBDIR=/usr/lib64
+-else
+-ifeq "$(ARCH)" "i686"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+-
+-
++LIBDIR ?= $(PREFIX)/lib
+ CFLAGS ?= -Wall
+ override CFLAGS += -I../src -D_GNU_SOURCE
+ LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
diff --git a/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch
new file mode 100644
index 000000000000..cf50664264e1
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch
@@ -0,0 +1,11 @@
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c
+--- policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c 2014-08-28 21:26:25.125795076 +0200
++++ policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c 2014-08-28 21:27:03.509796589 +0200
+@@ -11,6 +11,7 @@
+ #include <syslog.h>
+ #include <selinux/selinux.h>
+ #include <selinux/context.h>
++#include <selinux/av_permissions.h>
+ #include "mcstrans.h"
+
+ /* Define data structures */
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 000000000000..7190ed6251d1
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>
+ Policycoreutils contains the policy core utilities that are required
+ for basic operation of a SELinux system. These utilities include
+ load_policy to load policies, setfiles to label filesystems, newrole
+ to switch roles, and run_init to run /etc/init.d scripts in the proper
+ context.
+
+ Gentoo-specific tools include rlpkg for relabeling packages by name,
+ avc_toggle to toggle between enforcing and permissive modes, and
+ avc_enforcing to query the current mode of the system, enforcing or
+ permissive.
+ </longdescription>
+ <use>
+ <flag name="audit">Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag>
+ </use>
+ <upstream>
+ <remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id>
+ <remote-id type="github">SELinuxProject/selinux</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.2.5-r4.ebuild b/sys-apps/policycoreutils/policycoreutils-2.2.5-r4.ebuild
new file mode 100644
index 000000000000..dedb7573d4c3
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.2.5-r4.ebuild
@@ -0,0 +1,156 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs eutils
+
+EXTRAS_VER="1.31"
+SEMNG_VER="2.2"
+SELNX_VER="2.2"
+SEPOL_VER="2.2"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20131030/${P}.tar.gz
+http://dev.gentoo.org/~swift/patches/policycoreutils/patchbundle-${P}-gentoo-r1.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext
+ dev-python/ipy
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam )
+ ${PYTHON_DEPS}"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S1="${WORKDIR}/${P}"
+S2="${WORKDIR}/policycoreutils-extra"
+
+src_prepare() {
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ EPATCH_MULTI_MSG="Applying policycoreutils patches ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ epatch_user
+
+ python_copy_sources
+ # Our extra code is outside the regular directory, so set it to the extra
+ # directory. We really should optimize this as it is ugly, but the extra
+ # code is needed for Gentoo at the same time that policycoreutils is present
+ # (so we cannot use an additional package for now).
+ S="${S2}"
+ python_copy_sources
+}
+
+src_compile() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+
+ building() {
+ emake -C "${BUILD_DIR}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" CC="$(tc-getCC)" PYLIBVER="${EPYTHON}" || die
+ }
+ S="${S1}" # Regular policycoreutils
+ python_foreach_impl building
+ S="${S2}" # Extra set
+ python_foreach_impl building
+}
+
+src_install() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+
+ # Python scripts are present in many places. There are no extension modules.
+ installation-policycoreutils() {
+ einfo "Installing policycoreutils"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" AUDIT_LOG_PRIV="y" PYLIBVER="${EPYTHON}" install || return 1
+ }
+
+ installation-extras() {
+ einfo "Installing policycoreutils-extra"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="${use_dbus}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+ }
+
+ S="${S1}" # policycoreutils
+ python_foreach_impl installation-policycoreutils
+ S="${S2}" # extras
+ python_foreach_impl installation-extras
+ S="${S1}" # back for later
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+
+ # location for permissive definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+
+ # Set version-specific scripts
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+ python_replicate_script "${ED}/usr/bin/${pyscript}"
+ done
+ for pyscript in semanage rlpkg; do
+ python_replicate_script "${ED}/usr/sbin/${pyscript}"
+ done
+
+ dodir /usr/share/doc/${PF}/mcstrans/examples
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples"
+}
+
+pkg_postinst() {
+ elog "Previous versions of policycoreutils optionally installed sesandbox support."
+ elog "However, due to the possible unsafe state of seunshare (CVE-2014-3215) and the"
+ elog "fact that sesandbox (called 'sandbox' upstream but collides with Portage sandbox)"
+ elog "has not been supported in Gentoo for a while (for one, our policies do not provide"
+ elog "sandboxing support) we have discontinued providing the sandbox related files."
+}
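Review bot: The make variable that controls newrole's audit privileges is spelled two ways: `src_compile` passes `AUDIT_LOG_PRIVS="y"`, but `installation-policycoreutils` in `src_install` passes `AUDIT_LOG_PRIV="y"`. Unless the Makefiles read both names (they are not shown here), the install step runs with the option unset, so the build and install phases may disagree about newrole's install mode and capability handling. Use the same name in both places, e.g. `AUDIT_LOG_PRIVS="y"` on the install `emake` line. policycoreutils-2.3-r3.ebuild has the same mismatch.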
diff --git a/sys-apps/policycoreutils/policycoreutils-2.3-r3.ebuild b/sys-apps/policycoreutils/policycoreutils-2.3-r3.ebuild
new file mode 100644
index 000000000000..99accc5b3a70
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.3-r3.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs eutils
+
+MY_P="${P//_/-}"
+
+EXTRAS_VER="1.33"
+SEMNG_VER="2.3"
+SELNX_VER="2.3"
+SEPOL_VER="2.3"
+PATCHBUNDLE="3"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/${MY_P}.tar.gz
+http://dev.gentoo.org/~swift/patches/policycoreutils/patchbundle-${PN}-${PATCHBUNDLE}.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext
+ dev-python/ipy
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam )
+ ${PYTHON_DEPS}"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S="${WORKDIR}/${MY_P}"
+S1="${WORKDIR}/${MY_P}"
+S2="${WORKDIR}/policycoreutils-extra"
+
+src_prepare() {
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ EPATCH_MULTI_MSG="Applying policycoreutils patches ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ epatch_user
+
+ python_copy_sources
+ # Our extra code is outside the regular directory, so set it to the extra
+ # directory. We really should optimize this as it is ugly, but the extra
+ # code is needed for Gentoo at the same time that policycoreutils is present
+ # (so we cannot use an additional package for now).
+ S="${S2}"
+ python_copy_sources
+}
+
+src_compile() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+
+ building() {
+ emake -C "${BUILD_DIR}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" CC="$(tc-getCC)" PYLIBVER="${EPYTHON}" || die
+ }
+ S="${S1}" # Regular policycoreutils
+ python_foreach_impl building
+ S="${S2}" # Extra set
+ python_foreach_impl building
+}
+
+src_install() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+
+ # Python scripts are present in many places. There are no extension modules.
+ installation-policycoreutils() {
+ einfo "Installing policycoreutils"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" AUDIT_LOG_PRIV="y" PYLIBVER="${EPYTHON}" install || return 1
+ python_optimize
+ }
+
+ installation-extras() {
+ einfo "Installing policycoreutils-extra"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="${use_dbus}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+ python_optimize
+ }
+
+ S="${S1}" # policycoreutils
+ python_foreach_impl installation-policycoreutils
+ S="${S2}" # extras
+ python_foreach_impl installation-extras
+ S="${S1}" # back for later
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+
+ # location for permissive definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+
+ # Set version-specific scripts
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+ python_replicate_script "${ED}/usr/bin/${pyscript}"
+ done
+ for pyscript in semanage rlpkg; do
+ python_replicate_script "${ED}/usr/sbin/${pyscript}"
+ done
+
+ dodir /usr/share/doc/${PF}/mcstrans/examples
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples"
+}
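Review bot: The final `cp -dR "${S1}"/mcstrans/share/examples/* ...` in `src_install` has no error check, so a missing or renamed examples directory lets the install phase succeed with incomplete contents. Append `|| die "installing mcstrans examples failed"`, as the `sed` calls in `src_prepare` already do. The unquoted `$(get_libdir)` and `${PF}` arguments to `dosym` and `dodir` just above would also be safer quoted. The same lines appear in policycoreutils-2.2.5-r4.ebuild.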
diff --git a/sys-apps/policycoreutils/policycoreutils-2.4-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.4-r1.ebuild
new file mode 100644
index 000000000000..39515e962535
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.4-r1.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs eutils bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20150202"
+EXTRAS_VER="1.34"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+ http://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10:=
+ >=sys-libs/libsemanage-${SEMNG_VER}:=[python]
+ sys-libs/libcap-ng:=
+ >=sys-libs/libsepol-${SEPOL_VER}:=
+ sys-devel/gettext
+ dev-python/ipy[${PYTHON_USEDEP}]
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib:=
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam:= )
+ ${PYTHON_DEPS}"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+ dev-python/sepolgen
+ app-misc/pax-utils
+ !<sys-apps/openrc-0.14"
+
+S1="${WORKDIR}/${MY_P}"
+S2="${WORKDIR}/policycoreutils-extra"
+S="${S1}"
+
+src_prepare() {
+ epatch "${FILESDIR}/0010-remove-sesandbox-support.patch"
+ epatch "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
+ epatch "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
+ epatch "${FILESDIR}/0040-reverse-access-check-in-run_init.patch"
+ epatch "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
+ epatch "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
+ epatch "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
+
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ epatch_user
+
+ sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+ python_copy_sources
+ # Our extra code is outside the regular directory, so set it to the extra
+ # directory. We really should optimize this as it is ugly, but the extra
+ # code is needed for Gentoo at the same time that policycoreutils is present
+ # (so we cannot use an additional package for now).
+ S="${S2}"
+ python_copy_sources
+}
+
+src_compile() {
+ building() {
+ emake -C "${BUILD_DIR}" \
+ AUDIT_LOG_PRIVS="y" \
+ AUDITH="$(usex audit)" \
+ PAMH="$(usex pam)" \
+ INOTIFYH="$(usex dbus)" \
+ SESANDBOX="n" \
+ CC="$(tc-getCC)" \
+ PYLIBVER="${EPYTHON}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)"
+ }
+ S="${S1}" # Regular policycoreutils
+ python_foreach_impl building
+ S="${S2}" # Extra set
+ python_foreach_impl building
+}
+
+src_install() {
+ # Python scripts are present in many places. There are no extension modules.
+ installation-policycoreutils() {
+ einfo "Installing policycoreutils"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+ AUDITH="$(usex audit)" \
+ PAMH="$(usex pam)" \
+ INOTIFYH="$(usex dbus)" \
+ SESANDBOX="n" \
+ AUDIT_LOG_PRIV="y" \
+ PYLIBVER="${EPYTHON}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ install
+ python_optimize
+ }
+
+ installation-extras() {
+ einfo "Installing policycoreutils-extra"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
+ python_optimize
+ }
+
+ S="${S1}" # policycoreutils
+ python_foreach_impl installation-policycoreutils
+ S="${S2}" # extras
+ python_foreach_impl installation-extras
+ S="${S1}" # back for later
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d" || die
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ bashcomp_alias setsebool getsebool
+
+ # location for policy definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+
+ # Set version-specific scripts
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+ python_replicate_script "${ED}/usr/bin/${pyscript}"
+ done
+ for pyscript in semanage rlpkg; do
+ python_replicate_script "${ED}/usr/sbin/${pyscript}"
+ done
+
+ dodir /usr/share/doc/${PF}/mcstrans/examples
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die
+}
+
+pkg_postinst() {
+ # The selinux_gentoo init script is no longer needed with recent OpenRC
+ elog "The selinux_gentoo init script has been removed in this version as it is not required after OpenRC 0.13."
+}
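Review bot: src_compile passes `AUDIT_LOG_PRIVS="y"` to emake while src_install passes `AUDIT_LOG_PRIV="y"`, so one of the two spellings is presumably a variable the Makefiles never read. The Makefiles are not shown on this page; if the name they test is `AUDIT_LOG_PRIV`, the option is off during the build and only switched on at install time. That could leave the installed mode of a privileged helper out of step with the code compiled into it. I would use one spelling in both phases, e.g. `AUDIT_LOG_PRIV="y" \` inside building(), after confirming the name against the upstream Makefile. The same mismatch appears in policycoreutils-2.4.ebuild and policycoreutils-9999.ebuild further down.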
diff --git a/sys-apps/policycoreutils/policycoreutils-2.4.ebuild b/sys-apps/policycoreutils/policycoreutils-2.4.ebuild
new file mode 100644
index 000000000000..642ddd910313
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.4.ebuild
@@ -0,0 +1,147 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs eutils
+
+MY_P="${P//_/-}"
+
+EXTRAS_VER="1.33"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext
+ dev-python/ipy[${PYTHON_USEDEP}]
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam )
+ ${PYTHON_DEPS}"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+S="${WORKDIR}/${MY_P}"
+S1="${WORKDIR}/${MY_P}"
+S2="${WORKDIR}/policycoreutils-extra"
+
+src_prepare() {
+ epatch "${FILESDIR}/0010-remove-sesandbox-support.patch"
+ epatch "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
+ epatch "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
+ epatch "${FILESDIR}/0040-reverse-access-check-in-run_init.patch"
+ epatch "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
+ epatch "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
+ epatch "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
+
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ epatch_user
+
+ python_copy_sources
+ # Our extra code is outside the regular directory, so set it to the extra
+ # directory. We really should optimize this as it is ugly, but the extra
+ # code is needed for Gentoo at the same time that policycoreutils is present
+ # (so we cannot use an additional package for now).
+ S="${S2}"
+ python_copy_sources
+}
+
+src_compile() {
+ building() {
+ emake -C "${BUILD_DIR}" \
+ AUDIT_LOG_PRIVS="y" \
+ AUDITH="$(usex audit)" \
+ PAMH="$(usex pam)" \
+ INOTIFYH="$(usex dbus)" \
+ SESANDBOX="n" \
+ CC="$(tc-getCC)" \
+ PYLIBVER="${EPYTHON}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)"
+ }
+ S="${S1}" # Regular policycoreutils
+ python_foreach_impl building
+ S="${S2}" # Extra set
+ python_foreach_impl building
+}
+
+src_install() {
+ # Python scripts are present in many places. There are no extension modules.
+ installation-policycoreutils() {
+ einfo "Installing policycoreutils"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" AUDITH="$(usex audit)" PAMH="$(usex pam)" INOTIFYH="$(usex dbus)" SESANDBOX="n" AUDIT_LOG_PRIV="y" PYLIBVER="${EPYTHON}" install
+ python_optimize
+ }
+
+ installation-extras() {
+ einfo "Installing policycoreutils-extra"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
+ python_optimize
+ }
+
+ S="${S1}" # policycoreutils
+ python_foreach_impl installation-policycoreutils
+ S="${S2}" # extras
+ python_foreach_impl installation-extras
+ S="${S1}" # back for later
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+
+ # location for policy definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+
+ # Set version-specific scripts
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+ python_replicate_script "${ED}/usr/bin/${pyscript}"
+ done
+ for pyscript in semanage rlpkg; do
+ python_replicate_script "${ED}/usr/sbin/${pyscript}"
+ done
+
+ dodir /usr/share/doc/${PF}/mcstrans/examples
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples"
+}
+
+pkg_postinst() {
+ # The selinux_gentoo init script is no longer needed with recent OpenRC
+ elog "The selinux_gentoo init script will be removed in future versions since it is not needed with OpenRC 0.13."
+}
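Review bot: The `rm -fR "${D}/etc/rc.d"` and `cp -dR "${S1}"/mcstrans/share/examples/* …` lines in src_install have no `|| die`, so a failed copy (for example an unmatched glob after an upstream layout change) leaves the package installed without the mcstrans examples and without any error. External commands do not abort the phase on their own in EAPI 5; only the ebuild helpers do. Ending the copy with `|| die "copying mcstrans examples failed"` and the removal with `|| die` would make this ebuild consistent with the -r1 revision, which already has the checks.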
diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
new file mode 100644
index 000000000000..6ec0006fc0d0
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs eutils bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20150202"
+EXTRAS_VER="1.34"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+ SRC_URI="http://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+ S1="${WORKDIR}/${MY_P}/${PN}"
+ S2="${WORKDIR}/policycoreutils-extra"
+ S="${S1}"
+else
+ SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+ http://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+ KEYWORDS="~amd64 ~x86"
+ S1="${WORKDIR}/${MY_P}"
+ S2="${WORKDIR}/policycoreutils-extra"
+ S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10:=
+ >=sys-libs/libsemanage-${SEMNG_VER}:=[python]
+ sys-libs/libcap-ng:=
+ >=sys-libs/libsepol-${SEPOL_VER}:=
+ sys-devel/gettext
+ dev-python/ipy[${PYTHON_USEDEP}]
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib:=
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam:= )
+ ${PYTHON_DEPS}"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+ dev-python/sepolgen
+ app-misc/pax-utils
+ !<sys-apps/openrc-0.14"
+
+src_unpack() {
+ # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ fi
+ if [ -n ${A} ] ; then
+ S="${S2}"
+ unpack ${A};
+ fi
+}
+
+src_prepare() {
+ S="${S1}"
+ cd "${S}" || die "Failed to switch to ${S}"
+ if [[ ${PV} != 9999 ]] ; then
+ # If needed for live ebuilds please use /etc/portage/patches
+ epatch "${FILESDIR}/0010-remove-sesandbox-support.patch"
+ epatch "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
+ epatch "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
+ epatch "${FILESDIR}/0040-reverse-access-check-in-run_init.patch"
+ epatch "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
+ epatch "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
+ epatch "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
+ fi
+
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ epatch_user
+
+ sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+ python_copy_sources
+ # Our extra code is outside the regular directory, so set it to the extra
+ # directory. We really should optimize this as it is ugly, but the extra
+ # code is needed for Gentoo at the same time that policycoreutils is present
+ # (so we cannot use an additional package for now).
+ S="${S2}"
+ python_copy_sources
+}
+
+src_compile() {
+ building() {
+ emake -C "${BUILD_DIR}" \
+ AUDIT_LOG_PRIVS="y" \
+ AUDITH="$(usex audit)" \
+ PAMH="$(usex pam)" \
+ INOTIFYH="$(usex dbus)" \
+ SESANDBOX="n" \
+ CC="$(tc-getCC)" \
+ PYLIBVER="${EPYTHON}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)"
+ }
+ S="${S1}" # Regular policycoreutils
+ python_foreach_impl building
+ S="${S2}" # Extra set
+ python_foreach_impl building
+}
+
+src_install() {
+ # Python scripts are present in many places. There are no extension modules.
+ installation-policycoreutils() {
+ einfo "Installing policycoreutils"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+ AUDITH="$(usex audit)" \
+ PAMH="$(usex pam)" \
+ INOTIFYH="$(usex dbus)" \
+ SESANDBOX="n" \
+ AUDIT_LOG_PRIV="y" \
+ PYLIBVER="${EPYTHON}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ install
+ python_optimize
+ }
+
+ installation-extras() {
+ einfo "Installing policycoreutils-extra"
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
+ python_optimize
+ }
+
+ S="${S1}" # policycoreutils
+ python_foreach_impl installation-policycoreutils
+ S="${S2}" # extras
+ python_foreach_impl installation-extras
+ S="${S1}" # back for later
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d" || die
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ bashcomp_alias setsebool getsebool
+
+ # location for policy definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+
+ # Set version-specific scripts
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+ python_replicate_script "${ED}/usr/bin/${pyscript}"
+ done
+ for pyscript in semanage rlpkg; do
+ python_replicate_script "${ED}/usr/sbin/${pyscript}"
+ done
+
+ dodir /usr/share/doc/${PF}/mcstrans/examples
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die
+}
+
+pkg_postinst() {
+ # The selinux_gentoo init script is no longer needed with recent OpenRC
+ elog "The selinux_gentoo init script has been removed in this version as it is not required after OpenRC 0.13."
+
+ for POLICY_TYPE in ${POLICY_TYPES} ; do
+ # There have been some changes to the policy store, rebuilding now.
+ # https://marc.info/?l=selinux&m=143757277819717&w=2
+ einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
+ semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+ done
+}
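Review bot: `if [ -n ${A} ]` in src_unpack leaves `${A}` unquoted inside single brackets, so the test does not check what it appears to. With an empty `${A}` it collapses to `[ -n ]`, which is true, and with two or more distfiles it becomes a malformed test that returns non-zero, so `unpack` is skipped. The else branch of the SRC_URI conditional lists two tarballs, so a versioned copy of this ebuild would hit the second case and unpack nothing. `if [[ -n ${A} ]] ; then` avoids both and matches the `[[ ${PV} == 9999 ]]` style used just above it.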