| From | Rahul Sandhu <nvraxn@posteo.uk> |
|---|---|
| Newsgroups | linux.gentoo.dev |
| Subject | [gentoo-dev] [PATCH v2] 2026-04-23-selinux-policy-eapi-8: add news item |
| Date | 2026-04-23 20:40 +0200 |
| Message-ID | <MN77X-hruP-1@gated-at.bofh.it> (permalink) |
| References | <MHBLr-dCgD-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Signed-off-by: Rahul Sandhu <nvraxn@posteo.uk>
---
.../2026-04-23-selinux-policy-eapi-8.en.txt | 136 ++++++++++++++++++
1 file changed, 136 insertions(+)
create mode 100644 2026-04-23-selinux-policy-eapi-8/2026-04-23-selinux-policy-eapi-8.en.txt
diff --git a/2026-04-23-selinux-policy-eapi-8/2026-04-23-selinux-policy-eapi-8.en.txt b/2026-04-23-selinux-policy-eapi-8/2026-04-23-selinux-policy-eapi-8.en.txt
new file mode 100644
index 0000000..7b134b0
--- /dev/null
+++ b/2026-04-23-selinux-policy-eapi-8/2026-04-23-selinux-policy-eapi-8.en.txt
@@ -0,0 +1,136 @@
+Title: SELinux Policy EAPI 8 Migration
+Author: Rahul Sandhu <nvraxn@posteo.uk>
+Posted: 2026-04-23
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sec-policy/selinux-base
+Display-If-Profile: default/linux/amd64/17.0/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.0/musl/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.0/no-multilib/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.0/selinux
+Display-If-Profile: default/linux/amd64/17.1/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.1/no-multilib/hardened/selinux
+Display-If-Profile: default/linux/amd64/17.1/no-multilib/systemd/selinux
+Display-If-Profile: default/linux/amd64/17.1/selinux
+Display-If-Profile: default/linux/amd64/17.1/systemd/selinux
+Display-If-Profile: default/linux/amd64/23.0/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/musl/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/no-multilib/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/split-usr/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/split-usr/musl/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/split-usr/no-multilib/hardened/selinux
+Display-If-Profile: default/linux/amd64/23.0/split-usr/no-multilib/selinux
+Display-If-Profile: default/linux/arm/17.0/armv4t/selinux
+Display-If-Profile: default/linux/arm/17.0/armv5te/selinux
+Display-If-Profile: default/linux/arm/17.0/armv6j/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/armv6j/selinux
+Display-If-Profile: default/linux/arm/17.0/armv7a/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/armv7a/selinux
+Display-If-Profile: default/linux/arm/17.0/musl/armv6j/hardened/selinux
+Display-If-Profile: default/linux/arm/17.0/musl/armv7a/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv4t/selinux
+Display-If-Profile: default/linux/arm/23.0/armv5te/selinux
+Display-If-Profile: default/linux/arm/23.0/armv6j_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv6j_hf/musl/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv6j_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv7a_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv7a_hf/musl/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/armv7a_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv4t/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv5te/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv6j_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv6j_hf/musl/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv6j_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv6j_sf/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv7a_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv7a_hf/musl/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/split-usr/armv7a_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/armv5te/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/armv6j_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/armv6j_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/armv7a_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/armv7a_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv5te/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv6j_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv6j_sf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv6j_sf/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv7a_hf/hardened/selinux
+Display-If-Profile: default/linux/arm/23.0/time64/split-usr/armv7a_sf/hardened/selinux
+Display-If-Profile: default/linux/arm64/17.0/hardened/selinux
+Display-If-Profile: default/linux/arm64/17.0/musl/hardened/selinux
+Display-If-Profile: default/linux/arm64/17.0/selinux
+Display-If-Profile: default/linux/arm64/17.0/systemd/selinux
+Display-If-Profile: default/linux/arm64/23.0/hardened/selinux
+Display-If-Profile: default/linux/arm64/23.0/musl/hardened/selinux
+Display-If-Profile: default/linux/arm64/23.0/split-usr/hardened/selinux
+Display-If-Profile: default/linux/arm64/23.0/split-usr/musl/hardened/selinux
+Display-If-Profile: default/linux/x86/17.0/hardened/selinux
+Display-If-Profile: default/linux/x86/17.0/musl/selinux
+Display-If-Profile: default/linux/x86/17.0/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/musl/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/split-usr/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/split-usr/musl/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/time64/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i486/time64/split-usr/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/musl/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/split-usr/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/split-usr/musl/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/time64/hardened/selinux
+Display-If-Profile: default/linux/x86/23.0/i686/time64/split-usr/hardened/selinux
+
+What Changed
+============
+
+The SELinux policy packages have all been bumped to EAPI 8.
+
+POLICY_TYPES, which used to be an environment variable, is now a USE
+expand named SELINUX_POLICY_TYPES. The use of USE_EXPAND fixes some
+longstanding bugs and allows users to switch policy types more easily.
+
+Whilst the POLICY_TYPES environment variable is considered deprecated
+going forward, it is still necessary to keep it set (and in sync with
+SELINUX_POLICY_TYPES) until you are certain that all installed policy
+packages on your system have been updated.
+
+Please read on for further instructions.
+
+For Users
+=========
+Set SELINUX_POLICY_TYPES in your package.use to match what POLICY_TYPES
+is currently set to. To get the current value of POLICY_TYPES:
+
+$ portageq envvar POLICY_TYPES
+
+And to set SELINUX_POLICY_TYPES:
+
+# echo 'SELINUX_POLICY_TYPES="mcs"' >>/etc/portage/make.conf
+
+OR
+
+# echo "sec-policy/* SELINUX_POLICY_TYPES: mcs" >>/etc/portage/package.use/selinux-policy
+
+Then, update the system to install the updated policy packages:
+
+# emerge --verbose --ask --update --deep --newuse @world
+
+DO NOT unset POLICY_TYPES until you are certain that all of the policy
+packages installed have been updated to use EAPI 8 (or above). You can
+use this command to find all outdated installed policy packages that
+have not been updated yet:
+
+$ for pkg in $(qlist -Iv '^sec-policy/selinux-*'); do
+ [[ $(cat "/var/db/pkg/${pkg}/EAPI") -lt 8 ]] && echo "${pkg}";
+ done
+
+If the above command returns an empty list, then it is safe to remove
+the POLICY_TYPES variable.
+
+For Overlay Maintainers
+=======================
+In your SELinux policy packages, bump the EAPI variable to EAPI=8. If
+your packages have any form of dependency on another policy package,
+it is neccessary to constrain their USE flags with the new eclass
+variable SELINUX_POLICY_USEDEP. See selinux-policy-2.eclass(5) for more
+details.
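Review bot: Both example commands under "For Users" hard-code `mcs` (`SELINUX_POLICY_TYPES="mcs"` and `sec-policy/* SELINUX_POLICY_TYPES: mcs`), while the sentence before them tells the reader to match whatever `portageq envvar POLICY_TYPES` printed. A reader on a different policy type who pastes either line ends up with SELINUX_POLICY_TYPES out of sync with POLICY_TYPES, which the "What Changed" section says must be kept in sync during the transition. Suggest stating explicitly that `mcs` is an example value to be replaced with the portageq output. In the same section, the text says to set the variable "in your package.use" but the first command appends to make.conf, so the sentence should name both locations. In "For Overlay Maintainers", "neccessary" should be "necessary".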
--
2.53.0