Today I tried to update to latest stable packages, including the updates to the policies. I think the errormessages says it all Reproducible: Always Steps to Reproduce: 1. emerge --sync 2. emerge =sec-policy/selinux-base-policy-20070928 Actual Results: >>> Original instance of package unmerged safely. * localepurge: processing locale files in /usr/share/locale ... * localepurge: processing locale files in /usr/lib/locale ... * localepurge: processing man pages in /usr/share/man ... * localepurge: processing man pages in /usr/local/share/man ... * Inserting base module into strict module store. libsepol.scope_copy_callback: snmp: Duplicate declaration in module: type/attribute snmpd_etc_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! * Inserting base module into targeted module store. libsepol.scope_copy_callback: snmp: Duplicate declaration in module: type/attribute snmpd_etc_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! >>> sec-policy/selinux-base-policy-20070928 merged. Expected Results: semodule should be able to link the modules and use the policies. SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 21 Policy from config file: targeted Portage 2.1.3.19 (selinux/2007.0/x86/hardened, gcc-4.2.2, glibc-2.6.1-r0, 2.6.23-hardened-r4 i686) ================================================================= System uname: 2.6.23-hardened-r4 i686 Intel(R) Pentium(R) 4 CPU 2.66GHz Timestamp of tree: Sun, 03 Feb 2008 10:16:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p17-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -pipe -fforce-addr -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium4 -pipe -fforce-addr -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS=" --nospinner" FEATURES="ccache distlocks loadpolicy metadata-transfer parallel-fetch sandbox selinux sesandbox sfperms strict test unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="ftp://ftp.sunet.se/pub/os/Linux/distributions/gentoo" LANG="sv" LC_ALL="sv_SE.UTF-8" LINGUAS="sv" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/overlays/portage /usr/local/overlays/pieworld /usr/portage/local/layman/webapps-experimental" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="apache2 bash-completion berkdb bitmap-fonts bzip2 cli cracklib crypt cups curl dri fam fbcon ffmpeg fortran gdbm gmp gpm hardened hpn iconv ipv6 isdnlog jpeg keyutils logrotate lzo midi mmx mudflap mysql ncurses network-cron nls nonfsv4 nptl nptlonly offensive openmp pam parport pcre perl pic png pppd python readline reflection selinux sensord serial session slang spl srvdir sse sse2 ssl syslog tcpd test tiff truetype-fonts type1-fonts unicode unzip x86 xattr xinetd xorg zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="sv" USERLAND="GNU" VIDEO_CARDS="none" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
After playing around a bit with my policies it seems like I can't reproduce the problem any longer.