From 74ba4c41ed7172efef2f2abcb16e1fe63ce00b93 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Thu, 5 Mar 2026 16:46:53 +0100
Subject: [PATCH] Force installing some selinux libraries into selinux sysext

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
 build_library/extra_sysexts.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/build_library/extra_sysexts.sh b/build_library/extra_sysexts.sh
index 0df112610a..5b7ee60bc7 100644
--- a/build_library/extra_sysexts.sh
+++ b/build_library/extra_sysexts.sh
@@ -1,3 +1,12 @@
+# String format:
+#
+# name | packages to install | USE flags | allowed architectures
+#
+# packages to install - a comma-separated list of packages to install, can specify a slot too
+#
+# USE flags - USE flags passed as an environment variable to emerge; optional, defaults to nothing
+#
+# allowed architectures - optional, defaults to all the architectures
 EXTRA_SYSEXTS=(
   "incus|app-containers/incus"
   "nvidia-drivers-535|x11-drivers/nvidia-drivers:0/535|-kernel-open persistenced|amd64"
@@ -9,7 +18,8 @@ EXTRA_SYSEXTS=(
   "overlaybd|sys-fs/overlaybd,app-containers/accelerated-container-image"
   "podman|app-containers/podman,net-misc/passt"
   "python|dev-lang/python,dev-python/pip"
-  "selinux|sys-apps/policycoreutils,app-admin/setools"
+  # Force installing libselinux and libsemanage - they are only partially installed in prod images
+  "selinux|sys-apps/policycoreutils,app-admin/setools,sys-libs/libselinux,sys-libs/libsemanage"
   "zfs|sys-fs/zfs"
 )