During the configuration of a system towards SELinux, there might be a situation where SELinux is active but no valid policy is loaded. If that is the case, then any attempt to execute some SELinux changes (like setexeccon to the portage_fetch_t domain) will fail. Sadly, FEATURES="-selinux" does not prevent these operations. Portage currently only checks if SELinux is enabled or not. It would be a good idea if FEATURES="-selinux" would be honored here as well. A reported stacktrace: Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/portage/util/_async/ForkProcess.py", line 45, in _spawn rval = self._run() File "/usr/lib64/python2.7/site-packages/_emerge/EbuildFetcher.py", line 172, in _run allow_missing_digests=allow_missing): File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 520, in fetch if _userpriv_test_write_file(mysettings, write_test_file): File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 134, in _userpriv_test_write_file returncode = _spawn_fetch(settings, args) File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 87, in _spawn_fetch settings["PORTAGE_FETCH_T"]) File "/usr/lib64/python2.7/site-packages/portage/_selinux.py", line 122, in __init__ self._con = settype(selinux_type) File "/usr/lib64/python2.7/site-packages/portage/_selinux.py", line 76, in settype ret[2] = newtype IndexError: list assignment index out of range [31;01m * [39;49;00mFetch failed for 'sys-libs/libutempter-1.1.6-r1', Log file: [31;01m * [39;49;00m '/var/tmp/portage/sys-libs/libutempter-1.1.6-r1/temp/build.log' Before patching, we need to try to reproduce this situation, as well as validate if expanding the FEATURES="-selinux" to such calls is logically sound or not.
