Fix selinux configuration file location

We were installing selinux configuration files in /etc which caused problems
on upgrades. Move them into /usr and ensure that systemd sets up appropriate
temporary files. Fixes https://github.com/coreos/bugs/issues/447

sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/tmpfiles.d/selinux-base.conf

@@ -1,2 +1,3 @@
 d	/etc/selinux/		-	-	-	-	-
+L	/etc/selinux/config	-	-	-	-	../../usr/lib/selinux/config
 L	/etc/selinux/mcs	-	-	-	-	../../usr/lib/selinux/mcs

sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r6.ebuild

@@ -160,11 +160,13 @@ src_install() {
 	done
 
 	systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/selinux-base.conf"
+	systemd-tmpfiles --root="${D}" --create selinux-base.conf
+
 	dodoc doc/Makefile.example doc/example.{te,fc,if}
 
 	doman man/man8/*.8;
 
-	insinto /etc/selinux
+	insinto /usr/lib/selinux
 	doins "${FILESDIR}/config"
 
 	insinto /etc/selinux/mcs/contexts

sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-9999.ebuild

@@ -156,11 +156,14 @@ src_install() {
 
 	done
 
+	systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/selinux-base.conf"
+	systemd-tmpfiles --root="${D}" --create selinux-base.conf
+
 	dodoc doc/Makefile.example doc/example.{te,fc,if}
 
 	doman man/man8/*.8;
 
-	insinto /etc/selinux
+	insinto /usr/lib/selinux
 	doins "${FILESDIR}/config"
 }
 

sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/files/tmpfiles.d/libsemanage.conf

@@ -0,0 +1 @@
+L	/etc/selinux/semanage.conf	-	-	-	-	../../usr/lib/selinux/semanage.conf

sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild

@@ -5,7 +5,7 @@
 EAPI="5"
 PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
 
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
+inherit multilib python-r1 toolchain-funcs eutils multilib-minimal systemd
 
 MY_P="${P//_/-}"
 
@@ -92,6 +92,7 @@ multilib_src_compile() {
 
 multilib_src_install() {
 	emake \
+		DEFAULT_SEMANAGE_CONF_LOCATION="${ED}/usr/lib/selinux/semanage.conf" \
 		LIBDIR="${ED}/usr/$(get_libdir)" \
 		SHLIBDIR="${ED}/usr/$(get_libdir)" \
 		DESTDIR="${ED}" install
@@ -104,4 +105,5 @@ multilib_src_install() {
 		}
 		python_foreach_impl installation_py
 	fi
+	systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/libsemanage.conf"
 }

sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild

@@ -5,7 +5,7 @@
 EAPI="5"
 PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
 
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
+inherit multilib python-r1 toolchain-funcs eutils multilib-minimal systemd
 
 MY_P="${P//_/-}"
 MY_RELEASEDATE="20150202"
@@ -102,6 +102,7 @@ multilib_src_compile() {
 
 multilib_src_install() {
 	emake \
+		DEFAULT_SEMANAGE_CONF_LOCATION="${ED}/usr/lib/selinux/semanage.conf" \
 		LIBDIR="${ED}/usr/$(get_libdir)" \
 		SHLIBDIR="${ED}/usr/$(get_libdir)" \
 		DESTDIR="${ED}" install
@@ -114,4 +115,5 @@ multilib_src_install() {
 		}
 		python_foreach_impl installation_py
 	fi
+        systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/libsemanage.conf"
 }