>>> Installing (7 of 10) sec-policy/selinux-unconfined-2.20120725-r5 * Removing /usr/share/info * Removing /usr/share/doc * checking 2 files for package collisions * This package will overwrite one or more files that may belong to other * packages (see list below). You can use a command such as `portageq * owners / <filename>` to identify the installed package that owns a * file. If portageq reports that only one package owns a file then do * NOT file a bug report. A bug report is only useful if it identifies at * least two or more packages that are known to install the same file(s). * If a collision occurs and you can not explain where the file came from * then you should simply ignore the collision since there is not enough * information to determine if a real problem exists. Please do NOT file * a bug report at http://bugs.gentoo.org unless you report exactly which * two packages install the same file(s). Once again, please do NOT file * a bug report unless you have completely understood the above message. * * Detected file collision(s): * * /usr/share/selinux/strict/unconfined.pp * /usr/share/selinux/targeted/unconfined.pp * * Searching all installed packages for file collisions... * * Press Ctrl-C to Stop * * sec-policy/selinux-base-policy-2.20120725-r5:0::gentoo * /usr/share/selinux/strict/unconfined.pp * /usr/share/selinux/targeted/unconfined.pp * * Package 'sec-policy/selinux-unconfined-2.20120725-r5' NOT merged due * to file collisions. If necessary, refer to your elog messages for the * whole content of the above message. >>> Failed to install sec-policy/selinux-unconfined-2.20120725-r5, Log file:
Hmm, it's indeed offered by the selinux-base-policy already. I might just remove the selinux-unconfined package alltogether.
(In reply to comment #1) > Hmm, it's indeed offered by the selinux-base-policy already. I might just > remove the selinux-unconfined package alltogether. may need to add a block ?
Actually, I need to do the inverse: do not have selinux-base-policy provide unconfined. Its needed to support mls/mcs properly as those do not have a "strict/targeted" separation which we have for the normal policies. Also, this is how it is handled "upstream" as well.
Okay, we will be supporting USE=unconfined so that, if a user uses SELinux policy types "mcs" or "mls", then USE=unconfined will update their configuration to use the unconfined domains (for users, i.e. in the seusers file, as well as by depending on selinux-unconfined). For the "targeted" and "strict" the current behavior remains (i.e. targeted = strict with unconfined in). If you use the live ebuilds, they should support this already. Otherwise, this change will propagate with the r9 (and later) releases.
r9 in hardened-dev overlay
r9 in main repo, ~arch'ed
Forgot to mention... stabilized a while ago ;)