I try SELinux with systemd by starting the SELinux stage3 and rebuilding with USE=systemd set. This worked until virtual/udev-217-r2 was stabilized, which created a dependency loop. I imagine it would be safe to move the selinux-base-policy dependency from RDEPEND to PDEPEND to fix the loop, since switching init to systemd wouldn't need the new policy until after a reboot.

Reproducible: Always

Steps to Reproduce:
1. Enter the SELinux stage3, sync, and set USE=systemd
2. emerge --changed-use --deep --jobs=4 --update --verbose --with-bdeps=y @world

Actual Results:
 * Error: circular dependencies:

(sec-policy/selinux-base-2.20200818-r1:0/0::gentoo, ebuild scheduled for merge) depends on
 (virtual/udev-217-r2:0/0::gentoo, ebuild scheduled for merge) (buildtime)
  (sys-apps/systemd-246-r2:0/2::gentoo, ebuild scheduled for merge) (runtime)
   (sec-policy/selinux-base-policy-2.20200818-r1:0/0::gentoo, ebuild scheduled for merge) (runtime)
    (sec-policy/selinux-base-2.20200818-r1:0/0::gentoo, ebuild scheduled for merge) (buildtime)

It might be possible to break this cycle
by applying the following change:
- sys-apps/systemd-246-r2 (Change USE: -selinux)

Expected Results:
It should be able to update the stage3.

--- sys-apps/systemd/systemd-246-r2.ebuild +++ sys-apps/systemd/systemd-246-r2.ebuild @@ -105,7 +105,6 @@ acct-user/systemd-resolve acct-user/systemd-timesync >=sys-apps/baselayout-2.2 - selinux? ( sec-policy/selinux-base-policy[systemd] ) sysv-utils? ( !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) @@ -124,6 +123,7 @@ hwdb? ( >=sys-apps/hwids-20150417[udev] ) >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) + selinux? ( sec-policy/selinux-base-policy[systemd] ) !vanilla? ( sys-apps/gentoo-systemd-integration )" BDEPEND="
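
Review bot: Taking "selinux? ( sec-policy/selinux-base-policy[systemd] )" out of the runtime list in the first hunk (@@ -105,7 +105,6 @@) leaves no guarantee that the systemd-enabled policy is merged before systemd is treated as installed, so on a host that already runs SELinux in enforcing mode systemd could be merged while the loaded policy was still built without systemd support. The description only argues the init-switch case ("wouldn't need the new policy until after a reboot"); the commit message should state whether an in-place systemd upgrade on an enforcing host is covered too. The patch also edits systemd-246-r2.ebuild in place, and a change to runtime dependencies would normally come with a revision bump so that existing installs pick up the new metadata.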
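
Review bot: The "selinux?" line added in the second hunk (@@ -124,6 +123,7 @@) carries no explanation of why it sits in the post-merge list instead of with the other runtime dependencies, so a later cleanup could move it back and reintroduce the loop. A comment above the assignment naming the cycle from the error output (selinux-base, virtual/udev, systemd, selinux-base-policy, selinux-base) would prevent that. The same output shows a buildtime edge from selinux-base to virtual/udev; it is worth confirming that edge is still required before working around the cycle on the systemd side.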
Why does selinux-base depend on virtual/udev?
It looks like a dependency on >=sys-fs/udev-151 was added in 2012.

https://gitweb.gentoo.org/repo/gentoo/historical.git/commit/?id=44188e28a612d493fb7ecefc72782a2765f35625

I would guess that this version of the policy was incompatible with older versions of udev. If that is indeed the reason, I think a blocker like "!<sys-fs/udev-151" would have been more appropriate.

This was later updated to virtual/udev:

https://gitweb.gentoo.org/repo/gentoo/historical.git/commit/?id=ad4a0bfba46dcf8ef4027029cec29ce65a54dee1

I think dropping this dependency would be fine at this point.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5264e3ef824d7debff99038a4285b0de6c363914

commit 5264e3ef824d7debff99038a4285b0de6c363914
Author:     Jason Zaman <perfinion@gentoo.org>
AuthorDate: 2020-11-03 05:27:33 +0000
Commit:     Jason Zaman <perfinion@gentoo.org>
CommitDate: 2020-11-03 05:27:33 +0000

    sec-policy/selinux-base: Drop unnecessary virtual/udev dep

    Closes: https://bugs.gentoo.org/752186
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Jason Zaman <perfinion@gentoo.org>

 sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild | 3 +--
 sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild | 3 +--
 sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild | 3 +--
 sec-policy/selinux-base/selinux-base-9999.ebuild          | 5 ++---
 4 files changed, 5 insertions(+), 9 deletions(-)