reinit the tree, so we can have metadata

13 files changed, 837 insertions, 0 deletions

diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest
new file mode 100644
index 000000000000..792c49fdc7ae
--- /dev/null
+++ b/sys-apps/policycoreutils/Manifest
@@ -0,0 +1,18 @@
+AUX 0010-remove-sesandbox-support.patch 747 SHA256 af6969721dede49f4de4e1db8e98e8400a8f0e3ec0b55aee9295aea0d6ba3b9a SHA512 b7b54191d2b8703393dd23a7fcccbdc3e2b7234acd962e994c8549eebae6cae3b6f62055b47a2d5db94510739abfb2fa365090c452422b6fbc02ad625ebe4859 WHIRLPOOL 1ed396c3346123af9fc8a5e911a6c241e2b64d7424b2d5194b0cc7c6b44a960c70afde3d04a508ecf525af038a52c739bc424230db34fcb52096304b2cda2771
+AUX 0020-disable-autodetection-of-pam-and-audit.patch 3924 SHA256 5f322dcc8c24838ec30c1df3aa69876063989fd07389c60ef64802c6fe25e91e SHA512 0efcbe36fdaa369cb1837767e872189f9f18b58d738b38c304ef31c568e60d602cfb5f87328a3b1f209840e2ab102f2d0ee8c4e918b2866c0ca978f33252ad33 WHIRLPOOL 669a451f98f39607e6a5a235e67ab432e480327dfe8204c2fcbb7455f571da4a64e91d76926c34e7fc25cec393ed6fbabb33e46c00e4f7a30848f304ed96b61f
+AUX 0030-make-inotify-check-use-flag-triggered.patch 650 SHA256 1cf0d985c865d9afe134e598c50b40420e4a48f4fde6e5d1916a880b8c393a75 SHA512 9ae10652ae14abd8930690363d41d9cacf0d0003ff21cf75dfc52a4ab7a4ab3d1fa9f1dc6994de9ae874483297478d79ee071dae766dfabf07ba70092bd11ba4 WHIRLPOOL ebf776adb8115db80418313ee8ad80f8d03b71358b1aa790ac690cd81b3646f0818da6bbf5d2f570c4be4150e6a2b475ff848622239f65e1479f29c9eb6a44f1
+AUX 0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch 519 SHA256 63d4952efdf1fa8510485900e17f3bcb356086dda9440e3f4dd9fbcad83ec027 SHA512 c49b440ca07003688e115ea792188f37e5456d8afde0ee3be7a49af8c51ca7089e85e64ad237fbdc3c34685a58022f695f00fe443face1052f8181829678a256 WHIRLPOOL 1a246957e0aebf5129117644eb202a123ae8e43cca19b961796cc3940253e92c479819911a681d2434f794693115843cf351f04f9610e46171bef7048b59a8d1
+AUX 0110-build-mcstrans-bug-472912.patch 2509 SHA256 c89ee8947ba7d04c7df30eef7fee91233188da90718c05a93c07112eb272dd8d SHA512 97a6c17e8232dc62dd5beaf101efa1e0462eedfb9fb4eff93d96171bbd866bd12b19ada1c512eef20ba732813e6f009276debbe5385ece373dd3bad1b7e61765 WHIRLPOOL fdb2509aab5e98ed11a942457711132e5888a25c0426bde59a84fb8bd8dc3f065f0e6daba77730e94a114c1e1431a1cee17a6ccf305946a5abed328f027c0bd1
+AUX 0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch 483 SHA256 572d141797d2a164b50b081fd6167f3acd93f62cc878c8859f731580243deb7d SHA512 a8a81158924aa527038696a98503144e50ed941ba1afbf52d26fc5bb9373c7ac6fd3f864070ff717c5b45ddba0470bc43b142f02da134559af8896c15084234f WHIRLPOOL 17836a74dcd4ce605891f6bd1eeeca61d6ed1534d3f6d3e1c65d1ddd7096460cbf75eac868d2c7ef112c85f745c2b1af7ca2abf02644351c3ebbfbbffc90a99b
+AUX policycoreutils-2.7-0001-newrole-not-suid.patch 351 SHA256 5146c50018858ae42ec1be492db8aa5f9ca837df81871481240709e72bc3aafa SHA512 41c37a0711011ebdaafee01b357438ac3219b34b6c9e6ebe182c863d61c899e4819ae71bd9adf4b52bee37750c99b5b1cd40c6a92f119899bd227251d37ccd99 WHIRLPOOL 9a5496d01b53fc39c45153fc2adc658aee8bfb9074534f2ae31b61491227c606de51d335636b536d15d0f2963772fe3ba6e0c0c21ced38f2b673e217127ddb77
+AUX policycoreutils-2.7_rc1-0001-newrole-not-suid.patch 342 SHA256 a207960b6a3444dd6be69c63dee4b7cae5c9781a27ca2c3181356243a0ad8a58 SHA512 6d7296b8104d3968243d27a46b37c73155c2e37c2f842bdd8ce278a2c67891e00f08102b7baac8e57766e939213c854b9a6d860aa49470b4973880e0c77eb856 WHIRLPOOL d067a4ddd2603748bc010db6f503625fcd09e70a991716b2ae5a3fb0b37baca76b0ebec494e8ad319a5a6d17d9a47ee13878e8ccb4e717e3c109d07fcbe69ca7
+DIST policycoreutils-2.6.tar.gz 4660087 SHA256 68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29 SHA512 ba289060bc348f9315bce84a5e5daf145600274289fdd2206edc10bb0ee03f9b02a9e40e9c118809961ddfe7844dee7d8952d8c9a239af7282f4fc1614c21e9d WHIRLPOOL c04a5f0f6bb044090e0d443f4497d828713fd32de4a0f5b5442e70e836da99e5e6e562a9deeedb566b07da1687c0a6b056c33b0bbe9836a71891fc6a449da60c
+DIST policycoreutils-2.7.tar.gz 2796707 SHA256 0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4 SHA512 ce97d659f72058fd23d8dab8db98fc7c0003806a636c521fa15da465d7358d40ccc8e3eaa9675f00a9b0b8aaa1465d3fb650bc0ebbbf00164e121230673256fb WHIRLPOOL f2360ab5e83f1a9a0f9e63bf700a89c28b61d13f8101c9ea2b68e9f071ede23557a0a5bec9a077b96b42be063421018ab8b85c4443e3bc1021f0d251a62de301
+DIST policycoreutils-extra-1.35.tar.bz2 12124 SHA256 25983df35c0b98fb65423f109d71c02e4d6b86415452b7a7a6e92b5e4fa4a36e SHA512 8cc3c74afee7ec38d7d085744fdd60849d3ae97a75599d2181b12b5b472a6a4445868e8a6aff707e439c10d9c378fb55e329b4db21c0a771f41180bf3b9eabc1 WHIRLPOOL 863ca52e1897cbfb9252f1afe81fef497f27ede10c74e1150c07e9f355390eca0e64c9b0cc0a48e8a7442b310387b1e929b40e2b9c14a9a095850a00983cd5f6
+DIST policycoreutils-extra-1.36.tar.bz2 8830 SHA256 2dfbe799bbbf150e68fab7e168fd71b94505c992623f30c71873213447506e8f SHA512 c6a18e6fb2d65f51dc55b88907f23241f2fbfc033d3d2888b109596d9ed31d509b2c93456727ea4d1f98544831afb15c449ff72d6aedf93b9e474b27817f7fb3 WHIRLPOOL c9772dba472b9b466181204f5bd5fb13d839042c53c84db38999a8b077b0dee1e9e78089b7b5fe4bc4076a1ad1c420528354404b292abd428a73e6f95312d0c4
+EBUILD policycoreutils-2.6-r1.ebuild 5556 SHA256 4351a449551bccb6b379e0719ebd7703da433741490dd8b5f4c9de3d0e10b853 SHA512 657e73bbe5e5540f49ab1b1cceaae293c57a2c5abab67b24624d51549745e674b91ca35619da0ff71c51f31af91500d37784bae280b1d52e715b9eda6d9f9690 WHIRLPOOL 4be6d305b90a2f2754ac9de7c1a1153d293e098d049c179e2c516d9bbd637a2c020e590b4ea0f3a1333319bf64121bd40843553d595e7f6e618b425ed86177a1
+EBUILD policycoreutils-2.7.ebuild 4962 SHA256 894b22ac63ba9f5600a0f4bf18e9ac3fbfdb33d663cd5c3990270c8bbc1b3233 SHA512 e3ec9164a11c29bbd225887784b35bc54f306ee94d9fa80963158f218d2261c8d60a63583cbb96f4186863000294fa552a434bb438d0d1fb2754e8d074bb0c12 WHIRLPOOL a71810832fbc2667bb7fd84ee565ce9835af4369c6fb7a7393e756bdd3fbd180f93fde50d9279af6495b940db7246dcf52a8b7b7283bd4b6198482cd987a61fc
+EBUILD policycoreutils-9999.ebuild 4969 SHA256 9b55417597828165a48bf0e690cb39330f632d76aa795ced6a546611270e6ee6 SHA512 6cc7dd5c825bd0c9cc63f14dc3000bbb9f7692f1fef6f9ce0f0e6fa09094846e9994f5fa8f39dea42bc52e38f0118239698e6971643ea5d539ca3a8436d763ad WHIRLPOOL d451dbfef9c95b432e81da8f294f94d3d9f6bfbf63b0833991e6ce9468e0f17891fd80866cb8f78aaab1ea1c1e41388baacd00730d09b1af28b96ff9247aefc8
+MISC ChangeLog 6931 SHA256 1b8fdfb862fa904b8e3ed6b1682d163d6d1235bc30bd44c960379f6a39703013 SHA512 5231762bf1d5e909111830c6f75d6b6aa4609d22053a746684885e032b8f6639aacc971b3c13f52254fe67ce059668da77e6a39107deff3388e6546abdc67ea6 WHIRLPOOL a7a8f56e76eb81854e85fb40258b7e569cf0bba25d659cdedeb7290b57169530cf3e7f0944441144c6797b7ec84406f82dcbe445d1ec6901e3bd4a2027019815
+MISC ChangeLog-2015 27068 SHA256 004588c7a9a83bad3e2c4f8b328c77a570e916332eda797fa504a84750373d22 SHA512 b26e0cf65b36ecd72f30f7ae4a467843434374d6c82fb3a8ca67d3a7294073f3aa78e7225052f20b9647266cff4207c95239528c128b5d13eba04e69b04c34af WHIRLPOOL a05d316fa06a95f73ee98c2f247b0cd715da322725ee2f3f09c1e82d12b0fca83cc1f17e362ad6cfb9080fe5fceccb56fab66057afde3b9a4a81554357b0394b
+MISC metadata.xml 1117 SHA256 4b5df713eb05f5d1610a5de599ae97ba21335de28b889ea5128ab52d7819f925 SHA512 1f8703b31ced13b4e15311ecc9d4e03c085eb580e61394e8781744a9c33794e0f10144617415e69b703f5716ca5fd15ad6db14fe93a95c9b5d46c429542beac5 WHIRLPOOL 86f2ca768507b5d12de4d43348bd61f84ee1851beda15e6bc4e69906c31983ab7e4975b472ce041855960252fead92cbf5b8ee889e43b0e017dca77d30706a0c
diff --git a/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch
new file mode 100644
index 000000000000..52a34bd1f47b
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch
@@ -0,0 +1,9 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile	2014-08-28 20:13:23.212622408 +0200
++++ policycoreutils-2.4-rc2/Makefile	2014-08-28 20:14:24.136624808 +0200
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+ 
+ INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+ 
diff --git a/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch
new file mode 100644
index 000000000000..a3eeaed901d5
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch
@@ -0,0 +1,108 @@
+diff -uNr policycoreutils-2.2.1.orig/newrole/Makefile policycoreutils-2.2.1/newrole/Makefile
+--- policycoreutils-2.2.1.orig/newrole/Makefile	2013-11-04 21:37:27.197018032 +0100
++++ policycoreutils-2.2.1/newrole/Makefile	2013-11-04 21:37:47.602018075 +0100
+@@ -4,8 +4,8 @@
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR = /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH ?= no
++AUDITH ?= no
+ # Enable capabilities to permit newrole to generate audit records.
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
+@@ -24,7 +24,7 @@
+ EXTRA_OBJS =
+ override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ 	override CFLAGS += -DUSE_PAM
+ 	EXTRA_OBJS += hashtab.o
+ 	LDLIBS += -lpam -lpam_misc
+@@ -32,7 +32,7 @@
+ 	override CFLAGS += -D_XOPEN_SOURCE=500
+ 	LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
+@@ -49,7 +49,7 @@
+ 	IS_SUID=y
+ endif
+ ifeq ($(IS_SUID),y)
+-	MODE := 4555
++	MODE := 0555
+ 	LDLIBS += -lcap-ng
+ else
+ 	MODE := 0555
+@@ -66,7 +66,7 @@
+ 	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ 	install -m $(MODE) newrole $(BINDIR)
+ 	install -m 644 newrole.1 $(MANDIR)/man1/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ 	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ ifeq ($(LSPP_PRIV),y)
+ 	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+diff -uNr policycoreutils-2.2.1.orig/run_init/Makefile policycoreutils-2.2.1/run_init/Makefile
+--- policycoreutils-2.2.1.orig/run_init/Makefile	2013-11-04 21:37:27.115018032 +0100
++++ policycoreutils-2.2.1/run_init/Makefile	2013-11-04 21:37:47.603018075 +0100
+@@ -5,20 +5,20 @@
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LOCALEDIR ?= /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++PAMH ?= no
++AUDITH ?= no
+ 
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ 	override CFLAGS += -DUSE_PAM
+ 	LDLIBS += -lpam -lpam_misc
+ else
+ 	override CFLAGS += -D_XOPEN_SOURCE=500
+ 	LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
+@@ -38,7 +38,7 @@
+ 	install -m 755 open_init_pty $(SBINDIR)
+ 	install -m 644 run_init.8 $(MANDIR)/man8/
+ 	install -m 644 open_init_pty.8 $(MANDIR)/man8/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), yes)
+ 	install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ endif
+ 
+diff -uNr policycoreutils-2.2.1.orig/setfiles/Makefile policycoreutils-2.2.1/setfiles/Makefile
+--- policycoreutils-2.2.1.orig/setfiles/Makefile	2013-11-04 21:37:27.198018032 +0100
++++ policycoreutils-2.2.1/setfiles/Makefile	2013-11-04 21:37:47.603018075 +0100
+@@ -3,7 +3,7 @@
+ SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR = $(PREFIX)/share/man
+ LIBDIR ?= $(PREFIX)/lib
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++AUDITH ?= no
+ 
+ PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
+ ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
+@@ -12,7 +12,7 @@
+ override CFLAGS += -I$(PREFIX)/include
+ LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+ 
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), yes)
+ 	override CFLAGS += -DUSE_AUDIT
+ 	LDLIBS += -laudit
+ endif
diff --git a/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch
new file mode 100644
index 000000000000..6a31e255a952
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch
@@ -0,0 +1,14 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile	2014-08-28 20:22:45.230644554 +0200
++++ policycoreutils-2.4-rc2/Makefile	2014-08-28 20:27:08.642654934 +0200
+@@ -1,8 +1,8 @@
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+ 
+-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
++INOTIFYH ?= no
+ 
+-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
++ifeq (${INOTIFYH}, yes)
+ 	SUBDIRS += restorecond
+ endif
+ 
diff --git a/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch
new file mode 100644
index 000000000000..7d438983bb7e
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch
@@ -0,0 +1,11 @@
+diff -uNr policycoreutils-2.2.1.orig/load_policy/Makefile policycoreutils-2.2.1/load_policy/Makefile
+--- policycoreutils-2.2.1.orig/load_policy/Makefile	2013-11-04 21:41:28.289018546 +0100
++++ policycoreutils-2.2.1/load_policy/Makefile	2013-11-04 21:43:31.118018808 +0100
+@@ -19,7 +19,6 @@
+ 	test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ 	install -m 644 load_policy.8 $(MANDIR)/man8/
+ 	-mkdir -p $(USRSBINDIR)
+-	-ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy 
+ 
+ clean:
+ 	-rm -f $(TARGETS) *.o 
diff --git a/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch
new file mode 100644
index 000000000000..68033c705cd5
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch
@@ -0,0 +1,64 @@
+diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
+--- policycoreutils-2.4-rc2.orig/Makefile	2014-08-28 20:31:19.563664821 +0200
++++ policycoreutils-2.4-rc2/Makefile	2014-08-28 20:32:25.900667435 +0200
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll mcstrans
+ 
+ INOTIFYH ?= n
+ 
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile policycoreutils-2.4-rc2/mcstrans/src/Makefile
+--- policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile	2014-08-28 20:31:19.562664821 +0200
++++ policycoreutils-2.4-rc2/mcstrans/src/Makefile	2014-08-28 20:33:39.345670329 +0200
+@@ -1,23 +1,10 @@
+ ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+-	# In case of 64 bit system, use these lines
+-	LIBDIR=/usr/lib64
+-else 
+-ifeq "$(ARCH)" "i686"
+-	# In case of 32 bit system, use these lines
+-	LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+-	# In case of 32 bit system, use these lines
+-	LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+ # Installation directories.
+ PREFIX  ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+ INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
+ SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
++LIBDIR ?= $(PREFIX)/lib
+ 
+ PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
+ PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile policycoreutils-2.4-rc2/mcstrans/utils/Makefile
+--- policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile	2014-08-28 20:31:19.556664821 +0200
++++ policycoreutils-2.4-rc2/mcstrans/utils/Makefile	2014-08-28 20:34:14.145671701 +0200
+@@ -3,22 +3,7 @@
+ BINDIR ?= $(PREFIX)/sbin
+ 
+ ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+-        # In case of 64 bit system, use these lines
+-        LIBDIR=/usr/lib64
+-else
+-ifeq "$(ARCH)" "i686"
+-        # In case of 32 bit system, use these lines
+-        LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+-        # In case of 32 bit system, use these lines
+-        LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+-
+-
++LIBDIR ?= $(PREFIX)/lib
+ CFLAGS ?= -Wall
+ override CFLAGS += -I../src -D_GNU_SOURCE
+ LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
diff --git a/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch
new file mode 100644
index 000000000000..cf50664264e1
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch
@@ -0,0 +1,11 @@
+diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c
+--- policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c	2014-08-28 21:26:25.125795076 +0200
++++ policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c	2014-08-28 21:27:03.509796589 +0200
+@@ -11,6 +11,7 @@
+ #include <syslog.h>
+ #include <selinux/selinux.h>
+ #include <selinux/context.h>
++#include <selinux/av_permissions.h>
+ #include "mcstrans.h"
+ 
+ /* Define data structures */
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch
new file mode 100644
index 000000000000..6049bbe282af
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch
@@ -0,0 +1,13 @@
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
+index bdefbb8..9cff135 100644
+--- policycoreutils/newrole/Makefile
++++ policycoreutils/newrole/Makefile
+@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y)
+ 	IS_SUID=y
+ endif
+ ifeq ($(IS_SUID),y)
+-	MODE := 4555
++	MODE := 0555
+ 	override LDLIBS += -lcap-ng
+ else
+ 	MODE := 0555
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch
new file mode 100644
index 000000000000..d4aa531063ff
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch
@@ -0,0 +1,13 @@
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
+index bdefbb8..9cff135 100644
+--- policycoreutils/newrole/Makefile
++++ policycoreutils/newrole/Makefile
+@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y)
+ 	IS_SUID=y
+ endif
+ ifeq ($(IS_SUID),y)
+-	MODE := 4555
++	MODE := 0555
+ 	LDLIBS += -lcap-ng
+ else
+ 	MODE := 0555
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 000000000000..16effc34b8ee
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>selinux@gentoo.org</email>
+		<name>SELinux Team</name>
+	</maintainer>
+	<longdescription>
+		Policycoreutils contains the policy core utilities that are required
+		for basic operation of a SELinux system.  These utilities include
+		load_policy to load policies, setfiles to label filesystems, newrole
+		to switch roles, and run_init to run /etc/init.d scripts in the proper
+		context.
+
+		Gentoo-specific tools include rlpkg for relabeling packages by name,
+		avc_toggle to toggle between enforcing and permissive modes, and
+		avc_enforcing to query the current mode of the system, enforcing or
+		permissive.
+	</longdescription>
+	<use>
+		<flag name="audit">Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag>
+	</use>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id>
+		<remote-id type="github">SELinuxProject/selinux</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild
new file mode 100644
index 000000000000..6a544ae2b9dd
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20161014"
+EXTRAS_VER="1.35"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	SRC_URI="https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	S1="${WORKDIR}/${MY_P}/${PN}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+		https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="amd64 ~arm64 ~mips x86"
+	S1="${WORKDIR}/${MY_P}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/glibc-2.4
+	>=sys-libs/libcap-1.10-r10:=
+	>=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}]
+	sys-libs/libcap-ng:=
+	>=sys-libs/libsepol-${SEPOL_VER}:=
+	>=app-admin/setools-4.0[${PYTHON_USEDEP}]
+	sys-devel/gettext
+	dev-python/ipy[${PYTHON_USEDEP}]
+	dbus? (
+		sys-apps/dbus
+		dev-libs/dbus-glib:=
+	)
+	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}
+	!<sec-policy/selinux-base-policy-2.20151208-r6"
+# 2.20151208-r6 and higher has support for new setfiles
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+	dev-python/sepolgen[${PYTHON_USEDEP}]
+	app-misc/pax-utils
+	!<sys-apps/openrc-0.14"
+
+src_unpack() {
+	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+	default
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	fi
+}
+
+src_prepare() {
+	S="${S1}"
+	cd "${S}" || die "Failed to switch to ${S}"
+	if [[ ${PV} != 9999 ]] ; then
+		# If needed for live ebuilds please use /etc/portage/patches
+		eapply "${FILESDIR}/0010-remove-sesandbox-support.patch"
+		eapply "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
+		eapply "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
+		eapply "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
+		eapply "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
+		eapply "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
+	fi
+
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+
+	eapply_user
+
+	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit)" \
+			PAMH="$(usex pam)" \
+			INOTIFYH="$(usex dbus)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
+		einfo "Installing policycoreutils"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+			AUDITH="$(usex audit)" \
+			PAMH="$(usex pam)" \
+			INOTIFYH="$(usex dbus)" \
+			SESANDBOX="n" \
+			AUDIT_LOG_PRIV="y" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d" || die
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	bashcomp_alias setsebool getsebool
+
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
+
+	# Set version-specific scripts
+	for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+	  python_replicate_script "${ED}/usr/bin/${pyscript}"
+	done
+	for pyscript in semanage rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+
+	dodir /usr/share/doc/${PF}/mcstrans/examples
+	cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die
+}
+
+pkg_postinst() {
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		# There have been some changes to the policy store, rebuilding now.
+		# https://marc.info/?l=selinux&m=143757277819717&w=2
+		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
+		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+	done
+}
diff --git a/sys-apps/policycoreutils/policycoreutils-2.7.ebuild b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild
new file mode 100644
index 000000000000..2f74519d79bd
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20170804"
+EXTRAS_VER="1.36"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	S1="${WORKDIR}/${MY_P}/${PN}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+		https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="amd64 ~arm64 ~mips x86"
+	S1="${WORKDIR}/${MY_P}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/glibc-2.4
+	>=sys-libs/libcap-1.10-r10:=
+	>=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}]
+	sys-libs/libcap-ng:=
+	>=sys-libs/libsepol-${SEPOL_VER}:=
+	>=app-admin/setools-4.1.1[${PYTHON_USEDEP}]
+	sys-devel/gettext
+	dev-python/ipy[${PYTHON_USEDEP}]
+	dbus? (
+		sys-apps/dbus
+		dev-libs/dbus-glib:=
+	)
+	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}
+	!<sec-policy/selinux-base-policy-2.20151208-r6"
+# 2.20151208-r6 and higher has support for new setfiles
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+	app-misc/pax-utils
+	!<sys-apps/openrc-0.14"
+
+PDEPEND="sys-apps/semodule-utils
+	sys-apps/selinux-python"
+
+src_unpack() {
+	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+	default
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	fi
+}
+
+src_prepare() {
+	S="${S1}"
+	cd "${S}" || die "Failed to switch to ${S}"
+	if [[ ${PV} != 9999 ]] ; then
+		# If needed for live ebuilds please use /etc/portage/patches
+		eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch"
+	fi
+
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+
+	eapply_user
+
+	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			INOTIFYH="$(usex dbus y n)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
+		einfo "Installing policycoreutils"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			INOTIFYH="$(usex dbus y n)" \
+			SESANDBOX="n" \
+			AUDIT_LOG_PRIV="y" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			INOTIFYH="$(usex dbus)" \
+			SHLIBDIR="${D}$(get_libdir)/rc" \
+			install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d" || die
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	bashcomp_alias setsebool getsebool
+
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
+
+	# Set version-specific scripts
+	for pyscript in rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+}
+
+pkg_postinst() {
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		# There have been some changes to the policy store, rebuilding now.
+		# https://marc.info/?l=selinux&m=143757277819717&w=2
+		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
+		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+	done
+}
diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
new file mode 100644
index 000000000000..9996621df2c0
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20170804"
+EXTRAS_VER="1.36"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	S1="${WORKDIR}/${MY_P}/${PN}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+		https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+	S1="${WORKDIR}/${MY_P}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/glibc-2.4
+	>=sys-libs/libcap-1.10-r10:=
+	>=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}]
+	sys-libs/libcap-ng:=
+	>=sys-libs/libsepol-${SEPOL_VER}:=
+	>=app-admin/setools-4.1.1[${PYTHON_USEDEP}]
+	sys-devel/gettext
+	dev-python/ipy[${PYTHON_USEDEP}]
+	dbus? (
+		sys-apps/dbus
+		dev-libs/dbus-glib:=
+	)
+	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}
+	!<sec-policy/selinux-base-policy-2.20151208-r6"
+# 2.20151208-r6 and higher has support for new setfiles
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+	app-misc/pax-utils
+	!<sys-apps/openrc-0.14"
+
+PDEPEND="sys-apps/semodule-utils
+	sys-apps/selinux-python"
+
+src_unpack() {
+	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+	default
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	fi
+}
+
+src_prepare() {
+	S="${S1}"
+	cd "${S}" || die "Failed to switch to ${S}"
+	if [[ ${PV} != 9999 ]] ; then
+		# If needed for live ebuilds please use /etc/portage/patches
+		eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch"
+	fi
+
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+
+	eapply_user
+
+	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			INOTIFYH="$(usex dbus y n)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
+		einfo "Installing policycoreutils"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			INOTIFYH="$(usex dbus y n)" \
+			SESANDBOX="n" \
+			AUDIT_LOG_PRIV="y" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			INOTIFYH="$(usex dbus)" \
+			SHLIBDIR="${D}$(get_libdir)/rc" \
+			install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d" || die
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	bashcomp_alias setsebool getsebool
+
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
+
+	# Set version-specific scripts
+	for pyscript in rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+}
+
+pkg_postinst() {
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		# There have been some changes to the policy store, rebuilding now.
+		# https://marc.info/?l=selinux&m=143757277819717&w=2
+		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
+		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+	done
+}