1 files changed, 13 insertions, 1 deletions

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild
index 76791df9dcb2..cb444f4de09d 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
 			https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
-	KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+	KEYWORDS="amd64 arm arm64 ~mips x86"
 fi
 
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@@ -28,6 +28,7 @@ BDEPEND="
 	sys-devel/m4"
 
 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
+DEL_MODS="hotplug"
 LICENSE="GPL-2"
 SLOT="0"
 S="${WORKDIR}/"
@@ -60,6 +61,10 @@ src_prepare() {
 		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
 	done
 
+	for i in ${DEL_MODS}; do
+		[[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
+	done
+
 	for i in ${POLICY_TYPES}; do
 		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
 		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
@@ -111,6 +116,13 @@ pkg_postinst() {
 		cd "${ROOT}/usr/share/selinux/${i}"
 
 		semodule ${root_opts} -s ${i} ${COMMAND}
+
+		for mod in ${DEL_MODS}; do
+			if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
+				einfo "Removing obsolete ${i} ${mod} policy package"
+				semodule ${root_opts} -s ${i} -r ${mod}
+			fi
+		done
 	done
 
 	# Don't relabel when cross compiling