This one takes a bit of arguing to justify. I'm putting this into the profile group rather than selinux because this is more of a profile than a selinux issue.

So, sys-apps/busybox is a part of the default Gentoo system package set via /usr/portage/profiles/prefix/linux/packages. This is not controversial and not something I feel needs changing in and of itself. When you build a SELinux system, busybox comes along for the ride, which is expected behaviour. But then this will happen when you build SELinux:

# USE="-static-libs" emerge dev-libs/libpcre sys-apps/busybox sys-libs/libselinux -av

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] dev-libs/libpcre-8.36:3 USE="bzip2 cxx readline recursion-limit (unicode) zlib -jit -libedit -pcre16 -pcre32 -static-libs*" ABI_X86="(64) -32 (-x32)" 1498 KiB
[ebuild R ] sys-libs/libselinux-2.3-r1 USE="(python) ruby static-libs" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4" RUBY_TARGETS="ruby19 ruby20" 0 KiB
[ebuild U ] sys-apps/busybox-1.22.1-r1 [1.22.1] USE="ipv6 pam (selinux) static -debug% -livecd -make-symlinks -math -mdev -savedconfig -sep-usr -syslog -systemd" 2167 KiB

Total: 3 packages (1 upgrade, 2 reinstalls), Size of downloads: 3665 KiB

The following USE changes are necessary to proceed:
(see "package.use" in the portage(5) man page for more details)
# required by sys-apps/busybox-1.22.1-r1[static]
# required by @system
# required by @world (argument)
=sys-libs/libselinux-2.3-r1 static-libs

(libselinux depends on libpcre as well, not sure why portage doesn't consistently highlight that for me)

I am forcing the visibility of this with the USE="-static-libs", though this happily shows up if I remove package.use entries that fix this issue.
This necessitates the following package.use entries:

dev-libs/libpcre static-libs
sys-libs/libselinux static-libs

My proposed solution to that minor annoyance is to push the formerly local (yet mandatory by profile choice) package.use entries into the relevant package.use files in the selinux profiles. After that, that's one less nag with building out a SELinux profile.

Reproducible: Always
[13] hardened/linux/amd64/selinux
[15] hardened/linux/amd64/no-multilib/selinux

There are SELinux profiles already, did you mean for this to go in the base hardened profile, or the selinux profile?
Just the selinux profiles, as this is an issue that only happens when you build out a selinux system. So I don't feel it's necessary to push this into the base hardened profile. Basically I am trying to push configuration settings that are mandatory into the relevant ebuild or profile itself rather than leaving it to the user to fix when working through a build.
There are a few options here:

1) Use package.use.force to enable the static-libs useflag on libpcre and libselinux.
2) Make libpcre and libselinux do IUSE="+static-libs" so it is enabled by default.
3) Make busybox not enable the static useflag by default.
4) Remove busybox from the system set so it is not pulled in on the stage3.

A mix of 1&2 is possible. 3 seems unlikely. 4 is probably complicated but might be worth a shot.
I would go with (1). Easiest and, if ever needed, can be easily reversed (at which point we can look at (2), but for now I think the USE setting is pretty mandatory anyway).
Committed.

# Jason Zaman <perfinion@gentoo.org> (03 Dec 2014)
# sys-apps/busybox has IUSE="+static", so force static-libs on its deps
# so stages can build with no interaction. Bug #527938
sys-libs/libselinux static-libs
dev-libs/libpcre static-libs