From eb258f2da7f31dbaee081a0571774f4f684a11c3 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Fri, 14 Aug 2015 17:25:43 -0700
Subject: [PATCH] selinux-policy: do not execute binaries under $ROOT

Run-time binaries must be provided by the SDK, dynamic libraries or the entire architecture may be different under the target $ROOT. I have no idea if selinux can be built cross-architecture though, if not this may need to be revisited with qemu.
---
 ...pends-0.0.1-r19.ebuild => sdk-depends-0.0.1-r20.ebuild} | 0
 .../coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild | 7 +++++++
 .../coreos-overlay/eclass/selinux-policy-2.eclass | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/{sdk-depends-0.0.1-r19.ebuild => sdk-depends-0.0.1-r20.ebuild} (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r19.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r19.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
index 2527bee8fa..9bcbc5c774 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
@@ -40,4 +40,11 @@ DEPEND="
 sys-fs/cryptsetup
 dev-rust/cargo
 "
+
+# Must match the build-time dependencies listed in selinux-policy-2.eclass
+DEPEND="${DEPEND}
+ >=sys-apps/checkpolicy-2.0.21
+ >=sys-apps/policycoreutils-2.0.82
+ sys-devel/m4"
+
 RDEPEND="${DEPEND}"
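Review bot: The version floors added for sys-apps/checkpolicy and sys-apps/policycoreutils are tied to selinux-policy-2.eclass only by the comment above the new DEPEND block; nothing in the ebuild references the eclass, so a bump in either place will drift silently and the SDK could end up building policy with an older toolchain than the eclass expects. If the eclass exposes its build-time dependency list as a variable, reusing it here would remove the duplication; otherwise the comment should at least state why the duplication exists, e.g. `# Must match the build-time DEPEND in selinux-policy-2.eclass: policy is compiled with the SDK's checkpolicy/m4, never with binaries under ${ROOT}`. The context line `RDEPEND="${DEPEND}"` below inherits the new entries, which looks intended for an SDK meta-package but is worth saying in that comment so the runtime dependency is not mistaken for an accident.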
diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
index aef0e1b419..8a7821ea3f 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
@@ -232,7 +232,7 @@ selinux-policy-2_src_compile() {
 # Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
 emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 else
- emake NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
+ emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 fi
 done
 }
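Review bot: Dropping BINDIR from the emake call leaves nothing in the code saying the omission is deliberate, so a reader who notices that SHAREDIR still points into ${ROOT} may "fix" the call back to BINDIR="${ROOT}/usr/bin", which is exactly the mistake this commit removes. A one-line comment above the new emake line would pin the intent: `# BINDIR deliberately unset: checkpolicy/m4 must come from the SDK, never from ${ROOT} (see sdk-depends DEPEND)`. With this change both branches now agree on not passing BINDIR, so the only remaining difference is `-j1`; factoring the shared arguments into one variable would keep them from diverging again. The policy headers still come from ${ROOT}/usr/share/selinux while the tools presumably come from the Makefile's default BINDIR on the host, and no check that the two agree on version is visible here. selinux-policy-2_src_compile() begins above the hunk; only its tail is shown.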