Added new features/selinux profile. Bug #365483

9 files changed, 557 insertions, 0 deletions

diff --git a/profiles/features/selinux/make.defaults b/profiles/features/selinux/make.defaults
new file mode 100644
index 000000000000..ebcfce01df00
--- /dev/null
+++ b/profiles/features/selinux/make.defaults
@@ -0,0 +1,13 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/make.defaults,v 1.1 2011/05/17 10:46:49 blueness Exp $
+#
+
+USE="-acl selinux open_perms"
+
+FEATURES="selinux sesandbox sfperms"
+
+POLICY_TYPES="strict targeted"
+PORTAGE_T="portage_t"
+PORTAGE_FETCH_T="portage_fetch_t"
+PORTAGE_SANDBOX_T="portage_sandbox_t"
diff --git a/profiles/features/selinux/package.mask b/profiles/features/selinux/package.mask
new file mode 100644
index 000000000000..a8789eea938f
--- /dev/null
+++ b/profiles/features/selinux/package.mask
@@ -0,0 +1,436 @@
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/package.mask,v 1.1 2011/05/17 10:46:49 blueness Exp $
+
+# >=sci-libs/acml-3.6 requires gcc-4.2.
+>=sci-libs/acml-3.6
+
+# Diego E. Pettenò <flameeyes@gentoo.org> (25 Apr 2010)
+#  on behalf of QA team <qa@gentoo.org
+#
+# Mask SElinux packages on all the profile and unmask it only for
+# selinux itself; automagic dependencies can break systems otherwise
+#
+# Please keep this mask in sync between profiles/package.mask and
+# selinux/package.mask (with - prefix there).
+-app-admin/setools
+-dev-python/python-selinux
+-dev-python/sepolgen
+-sys-apps/checkpolicy
+-sys-apps/policycoreutils
+-sys-libs/libselinux
+-sys-libs/libsemanage
+-sec-policy/selinux-acct
+-sec-policy/selinux-acpi
+-sec-policy/selinux-ada
+-sec-policy/selinux-afs
+-sec-policy/selinux-aide
+-sec-policy/selinux-alsa
+-sec-policy/selinux-amanda
+-sec-policy/selinux-amavis
+-sec-policy/selinux-apache
+-sec-policy/selinux-apcupsd
+-sec-policy/selinux-apm
+-sec-policy/selinux-arpwatch
+-sec-policy/selinux-asterisk
+-sec-policy/selinux-audio-entropyd
+-sec-policy/selinux-automount
+-sec-policy/selinux-avahi
+-sec-policy/selinux-awstats
+-sec-policy/selinux-base-policy
+-sec-policy/selinux-bind
+-sec-policy/selinux-bitlbee
+-sec-policy/selinux-bluetooth
+-sec-policy/selinux-bluez
+-sec-policy/selinux-brctl
+-sec-policy/selinux-calamaris
+-sec-policy/selinux-canna
+-sec-policy/selinux-ccs
+-sec-policy/selinux-cdrecord
+-sec-policy/selinux-cgroup
+-sec-policy/selinux-chronyd
+-sec-policy/selinux-clamav
+-sec-policy/selinux-clockspeed
+-sec-policy/selinux-consolekit
+-sec-policy/selinux-corosync
+-sec-policy/selinux-courier
+-sec-policy/selinux-courier-imap
+-sec-policy/selinux-cpucontrol
+-sec-policy/selinux-cpufreqselector
+-sec-policy/selinux-cups
+-sec-policy/selinux-cvs
+-sec-policy/selinux-cyphesis
+-sec-policy/selinux-cyrus-sasl
+-sec-policy/selinux-daemontools
+-sec-policy/selinux-dante
+-sec-policy/selinux-dbskk
+-sec-policy/selinux-dbus
+-sec-policy/selinux-dcc
+-sec-policy/selinux-ddclient
+-sec-policy/selinux-ddcprobe
+-sec-policy/selinux-desktop
+-sec-policy/selinux-dhcp
+-sec-policy/selinux-dictd
+-sec-policy/selinux-distcc
+-sec-policy/selinux-djbdns
+-sec-policy/selinux-dkim
+-sec-policy/selinux-dmidecode
+-sec-policy/selinux-dnsmasq
+-sec-policy/selinux-dovecot
+-sec-policy/selinux-evolution
+-sec-policy/selinux-exim
+-sec-policy/selinux-fail2ban
+-sec-policy/selinux-fetchmail
+-sec-policy/selinux-finger
+-sec-policy/selinux-fprintd
+-sec-policy/selinux-ftpd
+-sec-policy/selinux-games
+-sec-policy/selinux-gatekeeper
+-sec-policy/selinux-gift
+-sec-policy/selinux-gitosis
+-sec-policy/selinux-gnome
+-sec-policy/selinux-gnupg
+-sec-policy/selinux-gorg
+-sec-policy/selinux-gpm
+-sec-policy/selinux-gpsd
+-sec-policy/selinux-hddtemp
+-sec-policy/selinux-icecast
+-sec-policy/selinux-ifplugd
+-sec-policy/selinux-imaze
+-sec-policy/selinux-inetd
+-sec-policy/selinux-inn
+-sec-policy/selinux-ipsec-tools
+-sec-policy/selinux-ircd
+-sec-policy/selinux-irqbalance
+-sec-policy/selinux-jabber-server
+-sec-policy/selinux-java
+-sec-policy/selinux-kdump
+-sec-policy/selinux-kerberos
+-sec-policy/selinux-kerneloops
+-sec-policy/selinux-kismet
+-sec-policy/selinux-ksmtuned
+-sec-policy/selinux-kudzu
+-sec-policy/selinux-ldap
+-sec-policy/selinux-links
+-sec-policy/selinux-lircd
+-sec-policy/selinux-loadkeys
+-sec-policy/selinux-lockdev
+-sec-policy/selinux-logrotate
+-sec-policy/selinux-logwatch
+-sec-policy/selinux-lpd
+-sec-policy/selinux-mailman
+-sec-policy/selinux-mcelog
+-sec-policy/selinux-memcached
+-sec-policy/selinux-milter
+-sec-policy/selinux-modemmanager
+-sec-policy/selinux-mono
+-sec-policy/selinux-mozilla
+-sec-policy/selinux-mplayer
+-sec-policy/selinux-mrtg
+-sec-policy/selinux-mta
+-sec-policy/selinux-munin
+-sec-policy/selinux-mutt
+-sec-policy/selinux-mysql
+-sec-policy/selinux-nagios
+-sec-policy/selinux-nessus
+-sec-policy/selinux-networkmanager
+-sec-policy/selinux-nfs
+-sec-policy/selinux-ntop
+-sec-policy/selinux-ntp
+-sec-policy/selinux-nut
+-sec-policy/selinux-nx
+-sec-policy/selinux-oidentd
+-sec-policy/selinux-openct
+-sec-policy/selinux-openldap
+-sec-policy/selinux-openvpn
+-sec-policy/selinux-pcmcia
+-sec-policy/selinux-perdition
+-sec-policy/selinux-podsleuth
+-sec-policy/selinux-policykit
+-sec-policy/selinux-portmap
+-sec-policy/selinux-postfix
+-sec-policy/selinux-postgresql
+-sec-policy/selinux-postgrey
+-sec-policy/selinux-ppp
+-sec-policy/selinux-prelink
+-sec-policy/selinux-prelude
+-sec-policy/selinux-privoxy
+-sec-policy/selinux-procmail
+-sec-policy/selinux-psad
+-sec-policy/selinux-publicfile
+-sec-policy/selinux-pulseaudio
+-sec-policy/selinux-puppet
+-sec-policy/selinux-pyicqt
+-sec-policy/selinux-pyzor
+-sec-policy/selinux-qemu
+-sec-policy/selinux-qmail
+-sec-policy/selinux-quota
+-sec-policy/selinux-radius
+-sec-policy/selinux-radvd
+-sec-policy/selinux-razor
+-sec-policy/selinux-rgmanager
+-sec-policy/selinux-roundup
+-sec-policy/selinux-rpc
+-sec-policy/selinux-rpcbind
+-sec-policy/selinux-rssh
+-sec-policy/selinux-rtkit
+-sec-policy/selinux-samba
+-sec-policy/selinux-sasl
+-sec-policy/selinux-screen
+-sec-policy/selinux-sendmail
+-sec-policy/selinux-shorewall
+-sec-policy/selinux-shutdown
+-sec-policy/selinux-skype
+-sec-policy/selinux-slocate
+-sec-policy/selinux-slrnpull
+-sec-policy/selinux-smartmon
+-sec-policy/selinux-smokeping
+-sec-policy/selinux-snmpd
+-sec-policy/selinux-snort
+-sec-policy/selinux-soundserver
+-sec-policy/selinux-spamassassin
+-sec-policy/selinux-speedtouch
+-sec-policy/selinux-squid
+-sec-policy/selinux-stunnel
+-sec-policy/selinux-sudo
+-sec-policy/selinux-sxid
+-sec-policy/selinux-sysstat
+-sec-policy/selinux-tcpd
+-sec-policy/selinux-telnet
+-sec-policy/selinux-tftpd
+-sec-policy/selinux-tgtd
+-sec-policy/selinux-thunderbird
+-sec-policy/selinux-timidity
+-sec-policy/selinux-tmpreaper
+-sec-policy/selinux-tor
+-sec-policy/selinux-tripwire
+-sec-policy/selinux-tvtime
+-sec-policy/selinux-ucspi-tcp
+-sec-policy/selinux-ulogd
+-sec-policy/selinux-uml
+-sec-policy/selinux-uptime
+-sec-policy/selinux-usbmuxd
+-sec-policy/selinux-varnishd
+-sec-policy/selinux-vbetool
+-sec-policy/selinux-vde
+-sec-policy/selinux-virt
+-sec-policy/selinux-vlock
+-sec-policy/selinux-vmware
+-sec-policy/selinux-vpn
+-sec-policy/selinux-watchdog
+-sec-policy/selinux-webalizer
+-sec-policy/selinux-wine
+-sec-policy/selinux-wireshark
+-sec-policy/selinux-xen
+-sec-policy/selinux-xfce4
+-sec-policy/selinux-xfs
+-sec-policy/selinux-xscreensaver
+-sec-policy/selinux-xserver
+-sec-policy/selinux-zabbix
+
+# force version 2.YYYYMMDD policy over version YYYYMMDD policy
+>=sec-policy/selinux-acct-3
+>=sec-policy/selinux-acpi-3
+>=sec-policy/selinux-ada-3
+>=sec-policy/selinux-afs-3
+>=sec-policy/selinux-aide-3
+>=sec-policy/selinux-alsa-3
+>=sec-policy/selinux-amanda-3
+>=sec-policy/selinux-amavis-3
+>=sec-policy/selinux-apache-3
+>=sec-policy/selinux-apcupsd-3
+>=sec-policy/selinux-apm-3
+>=sec-policy/selinux-arpwatch-3
+>=sec-policy/selinux-asterisk-3
+>=sec-policy/selinux-audio-entropyd-3
+>=sec-policy/selinux-automount-3
+>=sec-policy/selinux-avahi-3
+>=sec-policy/selinux-awstats-3
+>=sec-policy/selinux-base-policy-3
+>=sec-policy/selinux-bind-3
+>=sec-policy/selinux-bitlbee-3
+>=sec-policy/selinux-bluetooth-3
+>=sec-policy/selinux-bluez-3
+>=sec-policy/selinux-brctl-3
+>=sec-policy/selinux-calamaris-3
+>=sec-policy/selinux-canna-3
+>=sec-policy/selinux-ccs-3
+>=sec-policy/selinux-cdrecord-3
+>=sec-policy/selinux-cgroup-3
+>=sec-policy/selinux-chronyd-3
+>=sec-policy/selinux-clamav-3
+>=sec-policy/selinux-clockspeed-3
+>=sec-policy/selinux-consolekit-3
+>=sec-policy/selinux-corosync-3
+>=sec-policy/selinux-courier-3
+>=sec-policy/selinux-courier-imap-3
+>=sec-policy/selinux-cpucontrol-3
+>=sec-policy/selinux-cpufreqselector-3
+>=sec-policy/selinux-cups-3
+>=sec-policy/selinux-cvs-3
+>=sec-policy/selinux-cyphesis-3
+>=sec-policy/selinux-cyrus-sasl-3
+>=sec-policy/selinux-daemontools-3
+>=sec-policy/selinux-dante-3
+>=sec-policy/selinux-dbskk-3
+>=sec-policy/selinux-dbus-3
+>=sec-policy/selinux-dcc-3
+>=sec-policy/selinux-ddclient-3
+>=sec-policy/selinux-ddcprobe-3
+>=sec-policy/selinux-desktop-3
+>=sec-policy/selinux-dhcp-3
+>=sec-policy/selinux-dictd-3
+>=sec-policy/selinux-distcc-3
+>=sec-policy/selinux-djbdns-3
+>=sec-policy/selinux-dkim-3
+>=sec-policy/selinux-dmidecode-3
+>=sec-policy/selinux-dnsmasq-3
+>=sec-policy/selinux-dovecot-3
+>=sec-policy/selinux-evolution-3
+>=sec-policy/selinux-exim-3
+>=sec-policy/selinux-fail2ban-3
+>=sec-policy/selinux-fetchmail-3
+>=sec-policy/selinux-finger-3
+>=sec-policy/selinux-fprintd-3
+>=sec-policy/selinux-ftpd-3
+>=sec-policy/selinux-games-3
+>=sec-policy/selinux-gatekeeper-3
+>=sec-policy/selinux-gift-3
+>=sec-policy/selinux-gitosis-3
+>=sec-policy/selinux-gnome-3
+>=sec-policy/selinux-gnupg-3
+>=sec-policy/selinux-gorg-3
+>=sec-policy/selinux-gpm-3
+>=sec-policy/selinux-gpsd-3
+>=sec-policy/selinux-hddtemp-3
+>=sec-policy/selinux-icecast-3
+>=sec-policy/selinux-ifplugd-3
+>=sec-policy/selinux-imaze-3
+>=sec-policy/selinux-inetd-3
+>=sec-policy/selinux-inn-3
+>=sec-policy/selinux-ipsec-tools-3
+>=sec-policy/selinux-ircd-3
+>=sec-policy/selinux-irqbalance-3
+>=sec-policy/selinux-jabber-server-3
+>=sec-policy/selinux-java-3
+>=sec-policy/selinux-kdump-3
+>=sec-policy/selinux-kerberos-3
+>=sec-policy/selinux-kerneloops-3
+>=sec-policy/selinux-kismet-3
+>=sec-policy/selinux-ksmtuned-3
+>=sec-policy/selinux-kudzu-3
+>=sec-policy/selinux-ldap-3
+>=sec-policy/selinux-links-3
+>=sec-policy/selinux-lircd-3
+>=sec-policy/selinux-loadkeys-3
+>=sec-policy/selinux-lockdev-3
+>=sec-policy/selinux-logrotate-3
+>=sec-policy/selinux-logwatch-3
+>=sec-policy/selinux-lpd-3
+>=sec-policy/selinux-mailman-3
+>=sec-policy/selinux-mcelog-3
+>=sec-policy/selinux-memcached-3
+>=sec-policy/selinux-milter-3
+>=sec-policy/selinux-modemmanager-3
+>=sec-policy/selinux-mono-3
+>=sec-policy/selinux-mozilla-3
+>=sec-policy/selinux-mplayer-3
+>=sec-policy/selinux-mrtg-3
+>=sec-policy/selinux-mta-3
+>=sec-policy/selinux-munin-3
+>=sec-policy/selinux-mutt-3
+>=sec-policy/selinux-mysql-3
+>=sec-policy/selinux-nagios-3
+>=sec-policy/selinux-nessus-3
+>=sec-policy/selinux-networkmanager-3
+>=sec-policy/selinux-nfs-3
+>=sec-policy/selinux-ntop-3
+>=sec-policy/selinux-ntp-3
+>=sec-policy/selinux-nut-3
+>=sec-policy/selinux-nx-3
+>=sec-policy/selinux-oidentd-3
+>=sec-policy/selinux-openct-3
+>=sec-policy/selinux-openldap-3
+>=sec-policy/selinux-openvpn-3
+>=sec-policy/selinux-pcmcia-3
+>=sec-policy/selinux-perdition-3
+>=sec-policy/selinux-podsleuth-3
+>=sec-policy/selinux-policykit-3
+>=sec-policy/selinux-portmap-3
+>=sec-policy/selinux-postfix-3
+>=sec-policy/selinux-postgresql-3
+>=sec-policy/selinux-postgrey-3
+>=sec-policy/selinux-ppp-3
+>=sec-policy/selinux-prelink-3
+>=sec-policy/selinux-prelude-3
+>=sec-policy/selinux-privoxy-3
+>=sec-policy/selinux-procmail-3
+>=sec-policy/selinux-psad-3
+>=sec-policy/selinux-publicfile-3
+>=sec-policy/selinux-pulseaudio-3
+>=sec-policy/selinux-puppet-3
+>=sec-policy/selinux-pyicqt-3
+>=sec-policy/selinux-pyzor-3
+>=sec-policy/selinux-qemu-3
+>=sec-policy/selinux-qmail-3
+>=sec-policy/selinux-quota-3
+>=sec-policy/selinux-radius-3
+>=sec-policy/selinux-radvd-3
+>=sec-policy/selinux-razor-3
+>=sec-policy/selinux-rgmanager-3
+>=sec-policy/selinux-roundup-3
+>=sec-policy/selinux-rpc-3
+>=sec-policy/selinux-rpcbind-3
+>=sec-policy/selinux-rssh-3
+>=sec-policy/selinux-rtkit-3
+>=sec-policy/selinux-samba-3
+>=sec-policy/selinux-sasl-3
+>=sec-policy/selinux-screen-3
+>=sec-policy/selinux-sendmail-3
+>=sec-policy/selinux-shorewall-3
+>=sec-policy/selinux-shutdown-3
+>=sec-policy/selinux-skype-3
+>=sec-policy/selinux-slocate-3
+>=sec-policy/selinux-slrnpull-3
+>=sec-policy/selinux-smartmon-3
+>=sec-policy/selinux-smokeping-3
+>=sec-policy/selinux-snmpd-3
+>=sec-policy/selinux-snort-3
+>=sec-policy/selinux-soundserver-3
+>=sec-policy/selinux-spamassassin-3
+>=sec-policy/selinux-speedtouch-3
+>=sec-policy/selinux-squid-3
+>=sec-policy/selinux-stunnel-3
+>=sec-policy/selinux-sudo-3
+>=sec-policy/selinux-sxid-3
+>=sec-policy/selinux-sysstat-3
+>=sec-policy/selinux-tcpd-3
+>=sec-policy/selinux-telnet-3
+>=sec-policy/selinux-tftpd-3
+>=sec-policy/selinux-tgtd-3
+>=sec-policy/selinux-thunderbird-3
+>=sec-policy/selinux-timidity-3
+>=sec-policy/selinux-tmpreaper-3
+>=sec-policy/selinux-tor-3
+>=sec-policy/selinux-tripwire-3
+>=sec-policy/selinux-tvtime-3
+>=sec-policy/selinux-ucspi-tcp-3
+>=sec-policy/selinux-ulogd-3
+>=sec-policy/selinux-uml-3
+>=sec-policy/selinux-uptime-3
+>=sec-policy/selinux-usbmuxd-3
+>=sec-policy/selinux-varnishd-3
+>=sec-policy/selinux-vbetool-3
+>=sec-policy/selinux-vde-3
+>=sec-policy/selinux-virt-3
+>=sec-policy/selinux-vlock-3
+>=sec-policy/selinux-vmware-3
+>=sec-policy/selinux-vpn-3
+>=sec-policy/selinux-watchdog-3
+>=sec-policy/selinux-webalizer-3
+>=sec-policy/selinux-wine-3
+>=sec-policy/selinux-wireshark-3
+>=sec-policy/selinux-xen-3
+>=sec-policy/selinux-xfce4-3
+>=sec-policy/selinux-xfs-3
+>=sec-policy/selinux-xscreensaver-3
+>=sec-policy/selinux-xserver-3
+>=sec-policy/selinux-zabbix-3
diff --git a/profiles/features/selinux/package.use.force b/profiles/features/selinux/package.use.force
new file mode 100644
index 000000000000..78e565902ac9
--- /dev/null
+++ b/profiles/features/selinux/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/package.use.force,v 1.1 2011/05/17 10:46:49 blueness Exp $
+
+# Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org> (18 Feb 2011)
+# sys-apps/portage depends on sys-libs/libselinux, which currently does not support Python 3.
+sys-apps/portage python2
diff --git a/profiles/features/selinux/package.use.mask b/profiles/features/selinux/package.use.mask
new file mode 100644
index 000000000000..1a3b9efdf02b
--- /dev/null
+++ b/profiles/features/selinux/package.use.mask
@@ -0,0 +1,10 @@
+# Saleem Abdulrasool <compnerd@gentoo.org> (23 Nov 2007)
+# Unmask when we get HAL 0.5.10 straightened out
+media-sound/pulseaudio policykit
+
+# requires gcc-4.4
+app-emulation/wine win64
+
+# Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org> (18 Feb 2011)
+# sys-apps/portage depends on sys-libs/libselinux, which currently does not support Python 3.
+sys-apps/portage python3
diff --git a/profiles/features/selinux/packages b/profiles/features/selinux/packages
new file mode 100644
index 000000000000..72b3ac7141ef
--- /dev/null
+++ b/profiles/features/selinux/packages
@@ -0,0 +1,54 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/packages,v 1.1 2011/05/17 10:46:49 blueness Exp $
+
+# This file extends the base packages file for the default profile that all
+# architectures will enjoy.  Please note that default is what most architectures
+# will have.  Some will have an selinux profile (see ${PORTDIR}/profiles/selinux).
+# The idea is to only create a new family of profiles when absolutely necessary.
+
+*sys-apps/busybox
+*sys-apps/hdparm
+*sys-apps/man-pages
+
+##############################################################################
+# Basic SELinux required versionings
+
+# Core Packages
+>=sys-apps/portage-2.0.49-r15
+>=sys-apps/baselayout-1.8.6.12-r2
+>=sys-libs/glibc-2.3
+>=sys-libs/uclibc-0.9.26-r8
+>=sys-kernel/linux-headers-2.4.20
+
+# Base SELinux packages
+*sys-libs/libsepol
+*sys-libs/libselinux
+*sys-libs/libsemanage
+*sys-apps/checkpolicy
+*sys-apps/policycoreutils
+*sec-policy/selinux-base-policy
+
+# SELinux-aware packages
+>=net-misc/openssh-3.7.1_p2
+>=sys-apps/coreutils-5.0.91
+>=sys-apps/findutils-4.1.20-r1
+>=sys-apps/shadow-4.0.3-r7
+*>=sys-apps/util-linux-2.12
+*>=sys-libs/pam-0.77
+>=sys-process/procps-3.1.15
+>=sys-process/psmisc-21.2-r4
+
+# optional SELinux-aware programs:
+>=app-admin/logrotate-3.6.5-r1
+>=gnome-base/gdm-2.4.4.7
+>=sys-process/fcron-2.9.4
+>=sys-fs/udev-055
+>=sys-process/vixie-cron-3.0.1-r2
+
+# SELinux is integrated in 2.6
+>=sys-kernel/vanilla-sources-2.6.0
+
+# Critical xattr fixes:
+>=sys-boot/grub-0.94
+>=sys-boot/grub-static-0.94
diff --git a/profiles/features/selinux/profile.bashrc b/profiles/features/selinux/profile.bashrc
new file mode 100644
index 000000000000..f3cc3c24919f
--- /dev/null
+++ b/profiles/features/selinux/profile.bashrc
@@ -0,0 +1,5 @@
+# SELinux-aware progams write to entries here
+SANDBOX_WRITE="${SANDBOX_WRITE}:/selinux/"
+
+# for setfscreatecon
+SANDBOX_WRITE="${SANDBOX_WRITE}:/proc/self/"
diff --git a/profiles/features/selinux/use.force b/profiles/features/selinux/use.force
new file mode 100644
index 000000000000..a651b206dcf2
--- /dev/null
+++ b/profiles/features/selinux/use.force
@@ -0,0 +1 @@
+selinux
diff --git a/profiles/features/selinux/use.mask b/profiles/features/selinux/use.mask
new file mode 100644
index 000000000000..570d69d734fe
--- /dev/null
+++ b/profiles/features/selinux/use.mask
@@ -0,0 +1,23 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/use.mask,v 1.1 2011/05/17 10:46:50 blueness Exp $
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# profile for any architecture.  This works, for example, if a non-default
+# profile (such as the selinux profiles) have a USE flag associated with
+# them.
+
+-hardened
+-selinux
+
+# amd64 only:
+emul-linux-x86
+
+# Only used by mips and old amd64 profiles
+multilib
+
+# ppc and x86/amd64
+x264
+
+# tcc is x86-only
+tcc
diff --git a/profiles/features/selinux/virtuals b/profiles/features/selinux/virtuals
new file mode 100644
index 000000000000..3deb4c9d6152
--- /dev/null
+++ b/profiles/features/selinux/virtuals
@@ -0,0 +1,8 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/features/selinux/virtuals,v 1.1 2011/05/17 10:46:50 blueness Exp $
+
+# Use this virtuals file to either overload the base profile's defined
+# virtuals, or add virtuals that are specific to this family of profiles
+
+virtual/linux-sources		sys-kernel/gentoo-sources