Gentoo Packages

Posted: 2026-04-26 by Rahul Sandhu | Revision: 2

Format:: 2.0
Display if installed:: sec-policy/selinux-base
Display if profile:: default/linux/amd64/23.0/hardened/selinux
Display if profile:: default/linux/amd64/23.0/hardened/selinux/systemd
Display if profile:: default/linux/amd64/23.0/musl/hardened/selinux
Display if profile:: default/linux/amd64/23.0/no-multilib/hardened/selinux
Display if profile:: default/linux/amd64/23.0/no-multilib/hardened/selinux/systemd
Display if profile:: default/linux/amd64/23.0/split-usr/hardened/selinux
Display if profile:: default/linux/amd64/23.0/split-usr/musl/hardened/selinux
Display if profile:: default/linux/amd64/23.0/split-usr/no-multilib/hardened/selinux
Display if profile:: default/linux/amd64/23.0/split-usr/no-multilib/selinux
Display if profile:: default/linux/arm/23.0/armv6j_hf/hardened/selinux
Display if profile:: default/linux/arm/23.0/armv6j_hf/musl/hardened/selinux
Display if profile:: default/linux/arm/23.0/armv6j_sf/hardened/selinux
Display if profile:: default/linux/arm/23.0/armv7a_hf/hardened/selinux
Display if profile:: default/linux/arm/23.0/armv7a_hf/musl/hardened/selinux
Display if profile:: default/linux/arm/23.0/armv7a_sf/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv6j_hf/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv6j_hf/musl/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv6j_sf/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv7a_hf/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv7a_hf/musl/hardened/selinux
Display if profile:: default/linux/arm/23.0/split-usr/armv7a_sf/hardened/selinux
Display if profile:: default/linux/arm64/23.0/hardened/selinux
Display if profile:: default/linux/arm64/23.0/hardened/selinux/systemd
Display if profile:: default/linux/arm64/23.0/musl/hardened/selinux
Display if profile:: default/linux/arm64/23.0/split-usr/hardened/selinux
Display if profile:: default/linux/arm64/23.0/split-usr/musl/hardened/selinux
Display if profile:: default/linux/x86/23.0/i486/hardened/selinux
Display if profile:: default/linux/x86/23.0/i486/musl/selinux
Display if profile:: default/linux/x86/23.0/i486/split-usr/hardened/selinux
Display if profile:: default/linux/x86/23.0/i486/split-usr/musl/selinux
Display if profile:: default/linux/x86/23.0/i486/time64/hardened/selinux
Display if profile:: default/linux/x86/23.0/i486/time64/split-usr/hardened/selinux
Display if profile:: default/linux/x86/23.0/i686/hardened/selinux
Display if profile:: default/linux/x86/23.0/i686/musl/selinux
Display if profile:: default/linux/x86/23.0/i686/split-usr/hardened/selinux
Display if profile:: default/linux/x86/23.0/i686/split-usr/musl/selinux
Display if profile:: default/linux/x86/23.0/i686/time64/hardened/selinux
Display if profile:: default/linux/x86/23.0/i686/time64/split-usr/hardened/selinux

What Changed ============

The SELinux policy packages have all been bumped to EAPI 8.

POLICY_TYPES, which used to be an environment variable, is now a USE expand named SELINUX_POLICY_TYPES. The use of USE_EXPAND fixes some longstanding bugs and allows users to switch policy types more easily.

Whilst the POLICY_TYPES environment variable is considered deprecated going forward, it is still necessary to keep it set (and in sync with SELINUX_POLICY_TYPES) until you are certain that all installed policy packages on your system have been updated.

Please read on for further instructions.

For Users ========= Set SELINUX_POLICY_TYPES in your package.use to match what POLICY_TYPES is currently set to. To get the current value of POLICY_TYPES:

$ portageq envvar POLICY_TYPES

And to set SELINUX_POLICY_TYPES:

# echo 'SELINUX_POLICY_TYPES="mcs"' >>/etc/portage/make.conf

OR

# echo "sec-policy/* SELINUX_POLICY_TYPES: mcs" >>/etc/portage/package.use/selinux-policy

Then, update the system to install the updated policy packages:

# emerge --verbose --ask --update --deep --newuse @world

DO NOT unset POLICY_TYPES until you are certain that all of the policy packages installed have been updated to use EAPI 8 (or above). You can use this command to find all outdated installed policy packages that have not been updated yet:

$ qgrep -eNJ 'EAPI="\?7"\?' 'sec-policy/*'

If the above command returns an empty list, then it is safe to remove the POLICY_TYPES variable.

For Overlay Maintainers ======================= In your SELinux policy packages, bump the EAPI variable to EAPI=8. If your packages have any form of dependency on another policy package, it is neccessary to constrain their USE flags with the new eclass variable SELINUX_POLICY_USEDEP. See selinux-policy-2.eclass(5) for more details.

SELinux Policy EAPI 8 Migration