The selinux profile parent use.mask should not block acl. These are not competing but complementary systems.

Reproducible: Always

Steps to Reproduce: 1. 2. 3.

While it's more cumbersome to configure a system with both SELinux and posix acls, there is no technical reason not to, and reasons why some systems might want it. For example, selinux has no provisions for a file owner to add or deny access to a single user, while posix acls have no way to enforce based on process. The two complement each other, even though some of the functionality partially overlaps. In addition, users might want to use acl while running an selinux system in permissive mode.

Workaround:

    mkdir -p /etc/portage/profile && \
    touch /etc/portage/profile/use.mask && \
    echo "-acl" >>/etc/portage/profile/use.mask
I can't remember the exact details, but the acl USEFLAG was masked in the selinux profile about 2 years ago due to a problem in coreutils IIRC that made its presence known once that package was compiled with both selinux and acl.
(In reply to comment #1)
> I can't remember the exact details, but the acl USEFLAG was masked in the
> selinux profile about 2 years ago due to a problem in coreutils IIRC that made
> its presence known once that package was compiled with both selinux and acl.

This was fixed in coreutils a long time ago:

*coreutils-5.0-r4 (12 Sep 2003)

  12 Sep 2003; Seemant Kulleen <seemant@gentoo.org> coreutils-5.0-r4.ebuild:
  ACL patches _finally_ added into coreutils. A note about this. If "acl"
  and "selinux" are both in USE, then "selinux" will be preferred and "acl"
  discarded.
(In reply to comment #2)
> (In reply to comment #1)
> > I can't remember the exact details, but the acl USEFLAG was masked in the
> > selinux profile about 2 years ago due to a problem in coreutils IIRC that made
> > its presence known once that package was compiled with both selinux and acl.
>
> This was fixed in coreutils a long time ago:
>
> *coreutils-5.0-r4 (12 Sep 2003)
>
>   12 Sep 2003; Seemant Kulleen <seemant@gentoo.org> coreutils-5.0-r4.ebuild:
>   ACL patches _finally_ added into coreutils. A note about this. If "acl"
>   and "selinux" are both in USE, then "selinux" will be preferred and "acl"
>   discarded.

There was a bug after that one, but I don't remember when it was fixed. The mask has been removed.