I've pushed out live ebuilds for the SELinux policies to the hardened-dev
overlay. They will pull the policies from the git repository that I develop
the policies in . This allows some users to get the most recent changes
if they can't wait for the ebuilds themselves.
Note however that, if you use this, you will need to update your policies
using the following command:
This because the dependencies for the modules are always resolved (they all
refer to -9999 which is then always satisfied) so we need to pull them in
explicitly. We first install the base ones (to make sure the interfaces are
properly stored on the file system and the core modules are loaded) and then
all installed modules (this will pull the base/base-policy in again but that
The overlay also contains an update for the eclass to support live ebuilds
for the SELinux policy modules, but it looks like overlays automatically
take precendence for eclasses as well.