Bug 548264 - dev-libs/apr : should RDEPEND on selinux? sec-policy/selinux-apache
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: Lars Wendler (Polynomial-C) (RETIRED)
Blocks: 527868
Reported: 2015-04-30 15:38 UTC by Matthias Dahl
Modified: 2015-05-30 14:26 UTC

Description Matthias Dahl 2015-04-30 15:38:58 UTC
As part of a larger apache emerge, several packages failed to compile w/ permission denied errors due to /usr/share/build-1/libtool which is owned by dev-libs/apr.

Further investigation showed that the file was wrongfully labelled:

EXPECTED: system_u:object_r:bin_t
GOT     : system_u:object_r:usr_t

Checking the logs showed that the appropriate policy was defined in apache.pp which belongs to sec-policy/selinux-apache which in turn was emerged _after_ dev-libs/apr and thus the file ended up with the wrong label.

Re-emerging or re-labeling the file naturally fixed the problem.

IMHO thus dev-libs/apr should already pull in the appropriate policy file since it is affected by it.

Reproducible: Always

Steps to Reproduce:
1. make sure sec-policy/apache is not yet installed
2. emerge dev-libs/apr (either alone or by emerging apache for example)

Actual Results:  
/usr/share/build-1/libtool is labeled system_u:object_r:usr_t (causing build failure for packages making use of it)

Expected Results:  
/usr/share/build-1/libtool should be labeled system_u:object_r:bin_t
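
An added example, not part of the bug report: a shell function that lists files whose on-disk SELinux type differs from what the currently loaded policy expects for their path, which is the state described above when a policy module is installed after the files it labels. It assumes GNU `stat`, `matchpathcon` from libselinux and, in the usage comment, `qlist` from app-portage/portage-utils; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): report files whose on-disk
# SELinux type differs from what the loaded policy expects for their path.

# On-disk context of a file (GNU stat, %C = SELinux security context).
actual_ctx() { stat -c %C "$1" 2>/dev/null; }

# Context the loaded file_contexts assign to the path (-n: omit the path).
expected_ctx() { matchpathcon -n "$1" 2>/dev/null; }

# Third colon-separated field of user:role:type[:level].
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Reads one path per line on stdin, prints "path actual expected" for each
# mismatch, and returns 1 if at least one mismatch was found.
find_mislabeled() {
    rc=0
    while IFS= read -r path; do
        want=$(expected_ctx "$path") || continue
        # "<<none>>" means the policy has no spec for this path.
        case $want in ''|'<<none>>') continue ;; esac
        # Skip files that are missing or carry no SELinux context.
        have=$(actual_ctx "$path") || continue
        [ -n "$have" ] || continue
        # Compare only the type, so an MLS level suffix does not matter.
        if [ "$(ctx_type "$have")" != "$(ctx_type "$want")" ]; then
            printf '%s %s %s\n' "$path" "$have" "$want"
            rc=1
        fi
    done
    return $rc
}

# Typical use on a Gentoo system, after a policy package has been installed:
#   qlist dev-libs/apr | find_mislabeled
```

Paths it reports can then be relabeled, which is the fix the report mentions.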
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-05-30 14:26:43 UTC
+  30 May 2015; Lars Wendler <polynomial-c@gentoo.org> apr-1.5.0-r2.ebuild,
+  apr-1.5.1-r1.ebuild, apr-1.5.2.ebuild:
+  Added selinux dependency (bug #548264). Removed _elibtoolize kludge now that
+  bug #527506 is fixed.
+
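Review bot: The "Added selinux dependency" line does not say which policy package is pulled in or in which dependency class, so a reader cannot tell from this entry whether it matches the request in bug #548264 (an RDEPEND on sec-policy/selinux-apache behind the selinux USE flag); naming both in the entry would make that checkable. The removal of the _elibtoolize kludge for bug #527506 is unrelated to the SELinux fix and would be easier to revert or bisect as a separate ChangeLog entry and commit.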