>>> Installing (7 of 10) sec-policy/selinux-unconfined-2.20120725-r5
* Removing /usr/share/info
* Removing /usr/share/doc
* checking 2 files for package collisions
* This package will overwrite one or more files that may belong to other
* packages (see list below). You can use a command such as `portageq
* owners / <filename>` to identify the installed package that owns a
* file. If portageq reports that only one package owns a file then do
* NOT file a bug report. A bug report is only useful if it identifies at
* least two or more packages that are known to install the same file(s).
* If a collision occurs and you can not explain where the file came from
* then you should simply ignore the collision since there is not enough
* information to determine if a real problem exists. Please do NOT file
* a bug report at http://bugs.gentoo.org unless you report exactly which
* two packages install the same file(s). Once again, please do NOT file
* a bug report unless you have completely understood the above message.
* Detected file collision(s):
* Searching all installed packages for file collisions...
* Press Ctrl-C to Stop
* Package 'sec-policy/selinux-unconfined-2.20120725-r5' NOT merged due
* to file collisions. If necessary, refer to your elog messages for the
* whole content of the above message.
>>> Failed to install sec-policy/selinux-unconfined-2.20120725-r5, Log file:
Hmm, it's indeed offered by the selinux-base-policy already. I might just remove the selinux-unconfined package alltogether.
(In reply to comment #1)
> Hmm, it's indeed offered by the selinux-base-policy already. I might just
> remove the selinux-unconfined package alltogether.
may need to add a block ?
Actually, I need to do the inverse: do not have selinux-base-policy provide unconfined. Its needed to support mls/mcs properly as those do not have a "strict/targeted" separation which we have for the normal policies. Also, this is how it is handled "upstream" as well.
Okay, we will be supporting USE=unconfined so that, if a user uses SELinux policy types "mcs" or "mls", then USE=unconfined will update their configuration to use the unconfined domains (for users, i.e. in the seusers file, as well as by depending on selinux-unconfined).
For the "targeted" and "strict" the current behavior remains (i.e. targeted = strict with unconfined in).
If you use the live ebuilds, they should support this already. Otherwise, this change will propagate with the r9 (and later) releases.
r9 in hardened-dev overlay
r9 in main repo, ~arch'ed
Forgot to mention... stabilized a while ago ;)