From e34ec94f7c94192b9c01237da173b3f9fef83e56 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 28 Jul 2015 13:42:40 -0700
Subject: [PATCH] Permit unknown policy objects

We're using a stripped down policy, so we don't care that certain tasks
may refer to policy objects that don't exist. Permit acts that reference
them.
---
 .../sys-libs/libsemanage/libsemanage-2.4-r1.ebuild               | 1 +
 .../coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
index f70d55b62c..1a0c7f54a4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
@@ -64,6 +64,7 @@ src_prepare() {
 	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
 	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
 	echo "bzip-small=true" >> "${S}/src/semanage.conf"
+	echo "handle-unknown=allow" >> "${S}/src/semanage.conf"
 
 	epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild
index 2ebe49a5a2..08d20dae86 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -71,6 +71,7 @@ src_prepare() {
 	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
 	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
 	echo "bzip-small=true" >> "${S}/src/semanage.conf"
+	echo "handle-unknown=allow" >> "${S}/src/semanage.conf"
 
 	if [[ ${PV} != 9999 ]] ; then
 		# If wanted for live builds, please use /etc/portage/patches