Refactor to conform to YP Compat requirements

Change the references to check for the distribution flag of 'selinux' being
set before taking any action within the bbappends.  This prevents the
signature from being modified.

Also remove PR changes, as they are no longer allowed.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

79 files changed, 283 insertions, 301 deletions

diff --git a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
index c1e8ed6..b01ad25 100644
--- a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
+++ b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
@@ -1 +1 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
index 81fe7b7..7719d3b 100644
--- a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
@@ -1 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-connectivity/bind/bind_%.bbappend b/recipes-connectivity/bind/bind_%.bbappend
index a15e045..7719d3b 100644
--- a/recipes-connectivity/bind/bind_%.bbappend
+++ b/recipes-connectivity/bind/bind_%.bbappend
@@ -1,13 +1 @@
-PR .= ".3"
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://volatiles.04_bind"
-
-do_install_append() {
-        install -d ${D}${sysconfdir}/default/volatiles
-        install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
-
-        sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
-            [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
-}
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc
new file mode 100644
index 0000000..1dfef8a
--- /dev/null
+++ b/recipes-connectivity/bind/bind_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://volatiles.04_bind"
+
+do_install_append() {
+        install -d ${D}${sysconfdir}/default/volatiles
+        install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
+
+        sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
+            [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
+}
diff --git a/recipes-connectivity/dhcp/dhcp_%.bbappend b/recipes-connectivity/dhcp/dhcp_%.bbappend
index 2d2232c..7719d3b 100644
--- a/recipes-connectivity/dhcp/dhcp_%.bbappend
+++ b/recipes-connectivity/dhcp/dhcp_%.bbappend
@@ -1,3 +1 @@
-inherit selinux
-
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-connectivity/dhcp/dhcp_selinux.inc b/recipes-connectivity/dhcp/dhcp_selinux.inc
new file mode 100644
index 0000000..08389f1
--- /dev/null
+++ b/recipes-connectivity/dhcp/dhcp_selinux.inc
@@ -0,0 +1,3 @@
+inherit selinux
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-connectivity/iproute2/iproute2_%.bbappend b/recipes-connectivity/iproute2/iproute2_%.bbappend
index c866b54..7719d3b 100644
--- a/recipes-connectivity/iproute2/iproute2_%.bbappend
+++ b/recipes-connectivity/iproute2/iproute2_%.bbappend
@@ -1,9 +1 @@
-inherit with-selinux
-
-do_configure_append() {
-        if ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'true', 'false', d)}; then
-                sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config
-        else
-                sed -i 's/\(HAVE_SELINUX:=\).*/\1n/' ${B}/Config
-        fi
-}
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-connectivity/iproute2/iproute2_selinux.inc b/recipes-connectivity/iproute2/iproute2_selinux.inc
new file mode 100644
index 0000000..b0a7ffe
--- /dev/null
+++ b/recipes-connectivity/iproute2/iproute2_selinux.inc
@@ -0,0 +1,5 @@
+inherit with-selinux
+
+do_configure_append() {
+        sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config
+}
diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_%.bbappend
index 223b8cf..7719d3b 100644
--- a/recipes-connectivity/openssh/openssh_%.bbappend
+++ b/recipes-connectivity/openssh/openssh_%.bbappend
@@ -1,13 +1 @@
-PR .= ".5"
-
-inherit with-selinux
-
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
-
-# There is no distro feature just for audit.  If we want it,
-# uncomment the following.
-#
-#PACKAGECONFIG += "${@target_selinux(d, 'audit')}"
-
-PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit,"
-
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-connectivity/openssh/openssh_selinux.inc b/recipes-connectivity/openssh/openssh_selinux.inc
new file mode 100644
index 0000000..ebd2721
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_selinux.inc
@@ -0,0 +1,9 @@
+inherit with-selinux
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+# There is no distro feature just for audit.
+PACKAGECONFIG_append = " audit"
+
+PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit,"
+
diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
index b4935b2..7719d3b 100644
--- a/recipes-core/busybox/busybox_%.bbappend
+++ b/recipes-core/busybox/busybox_%.bbappend
@@ -1,87 +1 @@
-PR .= ".1"
-
-FILES_${PN} += "${libdir}/${PN}"
-
-# We should use sh wrappers instead of links so the commands could get correct
-# security labels
-python create_sh_wrapper_reset_alternative_vars () {
-    # We need to load the full set of busybox provides from the /etc/busybox.links
-    # Use this to see the update-alternatives with the right information
-
-    dvar = d.getVar('D', True)
-    pn = d.getVar('PN', True)
-
-    def create_sh_alternative_vars(links, target, mode):
-        import shutil
-        # Create sh wrapper template
-        fwp = open("busybox_wrapper", 'w')
-        fwp.write("#!%s" % (target))
-        os.fchmod(fwp.fileno(), mode)
-        fwp.close()
-        # Install the sh wrappers and alternatives reset to link to them
-        wpdir = os.path.join(d.getVar('libdir', True), pn)
-        wpdir_dest = '%s%s' % (dvar, wpdir)
-        if not os.path.exists(wpdir_dest):
-            os.makedirs(wpdir_dest)
-        f = open('%s%s' % (dvar, links), 'r')
-        for alt_link_name in f:
-            alt_link_name = alt_link_name.strip()
-            alt_name = os.path.basename(alt_link_name)
-            # Copy script wrapper to wp_path
-            alt_wppath = '%s%s' % (wpdir, alt_link_name)
-            alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) 
-            alt_wpdir_dest = os.path.dirname(alt_wppath_dest)
-            if not os.path.exists(alt_wpdir_dest):
-                os.makedirs(alt_wpdir_dest)
-            shutil.copy2("busybox_wrapper", alt_wppath_dest)
-            # Re-set alternatives
-            # Match coreutils
-            if alt_name == '[':
-                alt_name = 'lbracket'
-            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
-            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
-            if os.path.exists(alt_wppath_dest):
-                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath)
-        f.close()
-
-        os.remove("busybox_wrapper")
-        return
-
-    if os.path.exists('%s/etc/busybox.links' % (dvar)):
-        create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755)
-    else:
-        create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755)
-        create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755)
-}
-
-# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in
-# do_package_prepend() section of busybox_*.bb.
-PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars "
-
-# Use sh wrappers instead of links
-pkg_postinst_${PN} () {
-        # This part of code is dedicated to the on target upgrade problem.
-        # It's known that if we don't make appropriate symlinks before update-alternatives calls,
-        # there will be errors indicating missing commands such as 'sed'.
-        # These symlinks will later be updated by update-alternatives calls.
-        test -n 2 > /dev/null || alias test='busybox test'
-        if test "x$D" = "x"; then
-                # Remove busybox.nosuid if it's a symlink, because this situation indicates
-                # that we're installing or upgrading to a one-binary busybox.
-                if test -h /bin/busybox.nosuid; then
-                        rm -f /bin/busybox.nosuid
-                fi
-                for suffix in "" ".nosuid" ".suid"; do
-                        if test -e /etc/busybox.links$suffix; then
-                                while read link; do
-                                        if test ! -e "$link"; then
-                                                # we can use busybox here because even if we are using splitted busybox
-                                                # we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
-                                                busybox echo "#!/bin/busybox$suffix" > $link
-                                        fi
-                                done < /etc/busybox.links$suffix
-                        fi
-                done
-        fi
-}
-
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-core/busybox/busybox_selinux.inc b/recipes-core/busybox/busybox_selinux.inc
new file mode 100644
index 0000000..3f20815
--- /dev/null
+++ b/recipes-core/busybox/busybox_selinux.inc
@@ -0,0 +1,85 @@
+FILES_${PN} += "${libdir}/${PN}"
+
+# We should use sh wrappers instead of links so the commands could get correct
+# security labels
+python create_sh_wrapper_reset_alternative_vars () {
+    # We need to load the full set of busybox provides from the /etc/busybox.links
+    # Use this to see the update-alternatives with the right information
+
+    dvar = d.getVar('D', True)
+    pn = d.getVar('PN', True)
+
+    def create_sh_alternative_vars(links, target, mode):
+        import shutil
+        # Create sh wrapper template
+        fwp = open("busybox_wrapper", 'w')
+        fwp.write("#!%s" % (target))
+        os.fchmod(fwp.fileno(), mode)
+        fwp.close()
+        # Install the sh wrappers and alternatives reset to link to them
+        wpdir = os.path.join(d.getVar('libdir', True), pn)
+        wpdir_dest = '%s%s' % (dvar, wpdir)
+        if not os.path.exists(wpdir_dest):
+            os.makedirs(wpdir_dest)
+        f = open('%s%s' % (dvar, links), 'r')
+        for alt_link_name in f:
+            alt_link_name = alt_link_name.strip()
+            alt_name = os.path.basename(alt_link_name)
+            # Copy script wrapper to wp_path
+            alt_wppath = '%s%s' % (wpdir, alt_link_name)
+            alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) 
+            alt_wpdir_dest = os.path.dirname(alt_wppath_dest)
+            if not os.path.exists(alt_wpdir_dest):
+                os.makedirs(alt_wpdir_dest)
+            shutil.copy2("busybox_wrapper", alt_wppath_dest)
+            # Re-set alternatives
+            # Match coreutils
+            if alt_name == '[':
+                alt_name = 'lbracket'
+            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
+            if os.path.exists(alt_wppath_dest):
+                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath)
+        f.close()
+
+        os.remove("busybox_wrapper")
+        return
+
+    if os.path.exists('%s/etc/busybox.links' % (dvar)):
+        create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755)
+    else:
+        create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755)
+        create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755)
+}
+
+# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in
+# do_package_prepend() section of busybox_*.bb.
+PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars "
+
+# Use sh wrappers instead of links
+pkg_postinst_${PN} () {
+        # This part of code is dedicated to the on target upgrade problem.
+        # It's known that if we don't make appropriate symlinks before update-alternatives calls,
+        # there will be errors indicating missing commands such as 'sed'.
+        # These symlinks will later be updated by update-alternatives calls.
+        test -n 2 > /dev/null || alias test='busybox test'
+        if test "x$D" = "x"; then
+                # Remove busybox.nosuid if it's a symlink, because this situation indicates
+                # that we're installing or upgrading to a one-binary busybox.
+                if test -h /bin/busybox.nosuid; then
+                        rm -f /bin/busybox.nosuid
+                fi
+                for suffix in "" ".nosuid" ".suid"; do
+                        if test -e /etc/busybox.links$suffix; then
+                                while read link; do
+                                        if test ! -e "$link"; then
+                                                # we can use busybox here because even if we are using splitted busybox
+                                                # we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
+                                                busybox echo "#!/bin/busybox$suffix" > $link
+                                        fi
+                                done < /etc/busybox.links$suffix
+                        fi
+                done
+        fi
+}
+
diff --git a/recipes-core/coreutils/coreutils_%.bbappend b/recipes-core/coreutils/coreutils_%.bbappend
index c1e8ed6..7b9a2dc 100644
--- a/recipes-core/coreutils/coreutils_%.bbappend
+++ b/recipes-core/coreutils/coreutils_%.bbappend
@@ -1 +1,2 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
+
diff --git a/recipes-core/dbus/dbus_%.bbappend b/recipes-core/dbus/dbus_%.bbappend
index 8c11cac..ee221e2 100644
--- a/recipes-core/dbus/dbus_%.bbappend
+++ b/recipes-core/dbus/dbus_%.bbappend
@@ -1 +1,2 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
+
diff --git a/recipes-core/eudev/eudev_%.bbappend b/recipes-core/eudev/eudev_%.bbappend
index e1e7cd1..b0b03ec 100644
--- a/recipes-core/eudev/eudev_%.bbappend
+++ b/recipes-core/eudev/eudev_%.bbappend
@@ -1,3 +1,2 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
 
-inherit enable-selinux
diff --git a/recipes-core/eudev/eudev_selinux.inc b/recipes-core/eudev/eudev_selinux.inc
new file mode 100644
index 0000000..2ad6b13
--- /dev/null
+++ b/recipes-core/eudev/eudev_selinux.inc
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+inherit enable-selinux
diff --git a/recipes-core/eudev/eudev/init b/recipes-core/eudev/files/init
index ee64f86..ee64f86 100644
--- a/recipes-core/eudev/eudev/init
+++ b/recipes-core/eudev/files/init
diff --git a/recipes-core/eudev/eudev/udev-cache b/recipes-core/eudev/files/udev-cache
index 6898577..6898577 100644
--- a/recipes-core/eudev/eudev/udev-cache
+++ b/recipes-core/eudev/files/udev-cache
diff --git a/recipes-core/glib-2.0/glib-2.0_%.bbappend b/recipes-core/glib-2.0/glib-2.0_%.bbappend
index 8c11cac..74e22b3 100644
--- a/recipes-core/glib-2.0/glib-2.0_%.bbappend
+++ b/recipes-core/glib-2.0/glib-2.0_%.bbappend
@@ -1 +1 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/files/devpts.sh
index a0b037f..a0b037f 100755
--- a/recipes-core/initscripts/initscripts/devpts.sh
+++ b/recipes-core/initscripts/files/devpts.sh
diff --git a/recipes-core/initscripts/initscripts-1.0_selinux.inc b/recipes-core/initscripts/initscripts-1.0_selinux.inc
new file mode 100644
index 0000000..6e8a9b6
--- /dev/null
+++ b/recipes-core/initscripts/initscripts-1.0_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+do_install_append () {
+        cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
+touch /var/log/lastlog
+test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \
+    /etc/resolv.conf /etc/adjtime
+EOF
+        sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \
+            ${D}${sysconfdir}/init.d/checkroot.sh
+}
diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend
index 0fc7a5e..4f9950b 100644
--- a/recipes-core/initscripts/initscripts_1.0.bbappend
+++ b/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -1,13 +1 @@
-PR .= ".3"
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-do_install_append () {
-        cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
-touch /var/log/lastlog
-test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \
-    /etc/resolv.conf /etc/adjtime
-EOF
-        sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \
-            ${D}${sysconfdir}/init.d/checkroot.sh
-}
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'initscripts-1.0_selinux.inc', '', d)}
diff --git a/recipes-core/libcgroup/libcgroup_%.bbappend b/recipes-core/libcgroup/libcgroup_%.bbappend
index b7e0c5f..7719d3b 100644
--- a/recipes-core/libcgroup/libcgroup_%.bbappend
+++ b/recipes-core/libcgroup/libcgroup_%.bbappend
@@ -1,12 +1 @@
-PR .= ".3"
-
-EXTRA_OECONF_virtclass-native = "--enable-pam=no"
-
-do_install_append() {
-        test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || {
-                mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so
-                rm -f ${D}${base_libdir}/security/pam_cgroup.so.*
-        }
-}
-
-BBCLASSEXTEND = "native"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-core/libcgroup/libcgroup_selinux.inc b/recipes-core/libcgroup/libcgroup_selinux.inc
new file mode 100644
index 0000000..f81188f
--- /dev/null
+++ b/recipes-core/libcgroup/libcgroup_selinux.inc
@@ -0,0 +1,10 @@
+EXTRA_OECONF_virtclass-native = "--enable-pam=no"
+
+do_install_append() {
+        test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || {
+                mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so
+                rm -f ${D}${base_libdir}/security/pam_cgroup.so.*
+        }
+}
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
index f1bdaf8..5ac3adb 100644
--- a/recipes-core/systemd/systemd_%.bbappend
+++ b/recipes-core/systemd/systemd_%.bbappend
@@ -1 +1 @@
-inherit enable-audit
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch b/recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch
index 62703b1..62703b1 100644
--- a/recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch
+++ b/recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch
diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc
new file mode 100644
index 0000000..fcfbdb7
--- /dev/null
+++ b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+B = "${S}"
+
+SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch"
+
+inherit selinux
+
+DEPENDS += "${LIBSELINUX}"
+
+EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
diff --git a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
index 636dc5e..9df30b6 100644
--- a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
+++ b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
@@ -1,14 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
-
-B = "${S}"
-
-SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch"
-
-inherit selinux
-
-DEPENDS += "${LIBSELINUX}"
-
-EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
-
-PR .= ".2"
-
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'sysvinit-2.88dsf_selinux.inc', '', d)}
diff --git a/recipes-core/util-linux/util-linux_%.bbappend b/recipes-core/util-linux/util-linux_%.bbappend
index 7695b77..b01ad25 100644
--- a/recipes-core/util-linux/util-linux_%.bbappend
+++ b/recipes-core/util-linux/util-linux_%.bbappend
@@ -1,3 +1 @@
-PR .= ".3"
-
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
index 7acaf48..7719d3b 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
+++ b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
@@ -1,2 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://misc_create_inode.c-label_rootfs.patch"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc
new file mode 100644
index 0000000..9cbb7fe
--- /dev/null
+++ b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://misc_create_inode.c-label_rootfs.patch"
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch b/recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
index b87c414..b87c414 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
+++ b/recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch b/recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch
index 1de0dde..1de0dde 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch
+++ b/recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch
diff --git a/recipes-devtools/prelink/prelink_git.bbappend b/recipes-devtools/prelink/prelink_git.bbappend
index 366fdf5..74e22b3 100644
--- a/recipes-devtools/prelink/prelink_git.bbappend
+++ b/recipes-devtools/prelink/prelink_git.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
-
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-devtools/python/python/sitecustomize.py b/recipes-devtools/python/files/sitecustomize.py
index d2b71fa..d2b71fa 100644
--- a/recipes-devtools/python/python/sitecustomize.py
+++ b/recipes-devtools/python/files/sitecustomize.py
diff --git a/recipes-devtools/python/python_%.bbappend b/recipes-devtools/python/python_%.bbappend
index 9eefd2d..7719d3b 100644
--- a/recipes-devtools/python/python_%.bbappend
+++ b/recipes-devtools/python/python_%.bbappend
@@ -1,3 +1 @@
-inherit selinux
-# If selinux enabled, disable handlers to rw command history file
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/${PN}:')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-devtools/python/python_selinux.inc b/recipes-devtools/python/python_selinux.inc
new file mode 100644
index 0000000..bb54a90
--- /dev/null
+++ b/recipes-devtools/python/python_selinux.inc
@@ -0,0 +1,5 @@
+# If selinux enabled, disable handlers to rw command history file
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+inherit selinux
+
diff --git a/recipes-devtools/rpm/rpm_%.bbappend b/recipes-devtools/rpm/rpm_%.bbappend
index 9f3ec90..7719d3b 100644
--- a/recipes-devtools/rpm/rpm_%.bbappend
+++ b/recipes-devtools/rpm/rpm_%.bbappend
@@ -1,4 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-inherit with-selinux
-PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage,"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-devtools/rpm/rpm_selinux.inc b/recipes-devtools/rpm/rpm_selinux.inc
new file mode 100644
index 0000000..983dda7
--- /dev/null
+++ b/recipes-devtools/rpm/rpm_selinux.inc
@@ -0,0 +1,2 @@
+inherit with-selinux
+PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage,"
diff --git a/recipes-extended/at/at_%.bbappend b/recipes-extended/at/at_%.bbappend
index c1e8ed6..b01ad25 100644
--- a/recipes-extended/at/at_%.bbappend
+++ b/recipes-extended/at/at_%.bbappend
@@ -1 +1 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend
index a398bec..cfa56ca 100644
--- a/recipes-extended/cronie/cronie_%.bbappend
+++ b/recipes-extended/cronie/cronie_%.bbappend
@@ -1,3 +1,2 @@
-PR .= ".2"
-
-inherit with-selinux with-audit
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-audit', '', d)}
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/findutils/findutils_4.6.%.bbappend b/recipes-extended/findutils/findutils_4.6.%.bbappend
index a24a14f..b01ad25 100644
--- a/recipes-extended/findutils/findutils_4.6.%.bbappend
+++ b/recipes-extended/findutils/findutils_4.6.%.bbappend
@@ -1,2 +1 @@
-inherit with-selinux
-
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/logrotate/logrotate_%.bbappend b/recipes-extended/logrotate/logrotate_%.bbappend
index 1bdca98..7719d3b 100644
--- a/recipes-extended/logrotate/logrotate_%.bbappend
+++ b/recipes-extended/logrotate/logrotate_%.bbappend
@@ -1,5 +1 @@
-inherit selinux
-
-DEPENDS += "${LIBSELINUX}"
-
-EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/logrotate/logrotate_selinux.inc b/recipes-extended/logrotate/logrotate_selinux.inc
new file mode 100644
index 0000000..1bdca98
--- /dev/null
+++ b/recipes-extended/logrotate/logrotate_selinux.inc
@@ -0,0 +1,5 @@
+inherit selinux
+
+DEPENDS += "${LIBSELINUX}"
+
+EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
diff --git a/recipes-extended/lsof/lsof_%.bbappend b/recipes-extended/lsof/lsof_%.bbappend
index 793b13f..7719d3b 100644
--- a/recipes-extended/lsof/lsof_%.bbappend
+++ b/recipes-extended/lsof/lsof_%.bbappend
@@ -1,16 +1 @@
-PR .= ".2"
-
-inherit selinux
-
-DEPENDS += "${LIBSELINUX}"
-
-do_configure_prepend () {
-        export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}"
-        export LSOF_CFGF="${CFLAGS}"
-        export LSOF_CFGL="${LDFLAGS}"
-        export LSOF_CC="${BUILD_CC}"
-}
-
-do_compile () {
-        oe_runmake 'CC=${CC}' 'DEBUG='
-}
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/lsof/lsof_selinux.inc b/recipes-extended/lsof/lsof_selinux.inc
new file mode 100644
index 0000000..6691b4c
--- /dev/null
+++ b/recipes-extended/lsof/lsof_selinux.inc
@@ -0,0 +1,14 @@
+inherit selinux
+
+DEPENDS += "${LIBSELINUX}"
+
+do_configure_prepend () {
+        export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}"
+        export LSOF_CFGF="${CFLAGS}"
+        export LSOF_CFGL="${LDFLAGS}"
+        export LSOF_CC="${BUILD_CC}"
+}
+
+do_compile () {
+        oe_runmake 'CC=${CC}' 'DEBUG='
+}
diff --git a/recipes-extended/net-tools/net-tools/netstat-selinux-support.patch b/recipes-extended/net-tools/files/netstat-selinux-support.patch
index f089041..f089041 100644
--- a/recipes-extended/net-tools/net-tools/netstat-selinux-support.patch
+++ b/recipes-extended/net-tools/files/netstat-selinux-support.patch
diff --git a/recipes-extended/net-tools/net-tools_%.bbappend b/recipes-extended/net-tools/net-tools_%.bbappend
index e99a5bc..7719d3b 100644
--- a/recipes-extended/net-tools/net-tools_%.bbappend
+++ b/recipes-extended/net-tools/net-tools_%.bbappend
@@ -1,11 +1 @@
-PR .= ".2"
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "file://netstat-selinux-support.patch"
-
-inherit selinux
-
-DEPENDS += "${LIBSELINUX}"
-
-EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/net-tools/net-tools_selinux.inc b/recipes-extended/net-tools/net-tools_selinux.inc
new file mode 100644
index 0000000..cc3196f
--- /dev/null
+++ b/recipes-extended/net-tools/net-tools_selinux.inc
@@ -0,0 +1,9 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://netstat-selinux-support.patch"
+
+inherit selinux
+
+DEPENDS += "${LIBSELINUX}"
+
+EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}"
diff --git a/recipes-extended/pam/libpam_%.bbappend b/recipes-extended/pam/libpam_%.bbappend
index adcf938..7719d3b 100644
--- a/recipes-extended/pam/libpam_%.bbappend
+++ b/recipes-extended/pam/libpam_%.bbappend
@@ -1,3 +1 @@
-inherit enable-selinux
-
-RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/pam/libpam_selinux.inc b/recipes-extended/pam/libpam_selinux.inc
new file mode 100644
index 0000000..adcf938
--- /dev/null
+++ b/recipes-extended/pam/libpam_selinux.inc
@@ -0,0 +1,3 @@
+inherit enable-selinux
+
+RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}"
diff --git a/recipes-extended/parted/parted_%.bbappend b/recipes-extended/parted/parted_%.bbappend
index 366fdf5..74e22b3 100644
--- a/recipes-extended/parted/parted_%.bbappend
+++ b/recipes-extended/parted/parted_%.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
-
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-extended/psmisc/psmisc_%.bbappend b/recipes-extended/psmisc/psmisc_%.bbappend
index bbb84f4..74e22b3 100644
--- a/recipes-extended/psmisc/psmisc_%.bbappend
+++ b/recipes-extended/psmisc/psmisc_%.bbappend
@@ -1,5 +1 @@
-PR .= ".2"
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-extended/sed/sed_4.2.2.bbappend b/recipes-extended/sed/sed_4.2.2.bbappend
index 7695b77..b01ad25 100644
--- a/recipes-extended/sed/sed_4.2.2.bbappend
+++ b/recipes-extended/sed/sed_4.2.2.bbappend
@@ -1,3 +1 @@
-PR .= ".3"
-
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/shadow/shadow_%.bbappend b/recipes-extended/shadow/shadow_%.bbappend
index b7ccf40..7719d3b 100644
--- a/recipes-extended/shadow/shadow_%.bbappend
+++ b/recipes-extended/shadow/shadow_%.bbappend
@@ -1,7 +1 @@
-PR .= ".1"
-
-inherit with-selinux with-audit
-
-PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage,"
-
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/shadow/shadow_selinux.inc b/recipes-extended/shadow/shadow_selinux.inc
new file mode 100644
index 0000000..496ea6a
--- /dev/null
+++ b/recipes-extended/shadow/shadow_selinux.inc
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+inherit with-selinux with-audit
+
+PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage,"
+
diff --git a/recipes-extended/sudo/sudo_%.bbappend b/recipes-extended/sudo/sudo_%.bbappend
index 5ad8973..b01ad25 100644
--- a/recipes-extended/sudo/sudo_%.bbappend
+++ b/recipes-extended/sudo/sudo_%.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
-
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/sysklogd/sysklogd_%.bbappend b/recipes-extended/sysklogd/sysklogd_%.bbappend
index 81fe7b7..7719d3b 100644
--- a/recipes-extended/sysklogd/sysklogd_%.bbappend
+++ b/recipes-extended/sysklogd/sysklogd_%.bbappend
@@ -1 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/sysklogd/sysklogd_selinux.inc b/recipes-extended/sysklogd/sysklogd_selinux.inc
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/recipes-extended/sysklogd/sysklogd_selinux.inc
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-extended/tar/tar_%.bbappend b/recipes-extended/tar/tar_%.bbappend
index 4b48777..7719d3b 100644
--- a/recipes-extended/tar/tar_%.bbappend
+++ b/recipes-extended/tar/tar_%.bbappend
@@ -1,6 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-inherit with-selinux
-
-
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/tar/tar_selinux.inc b/recipes-extended/tar/tar_selinux.inc
new file mode 100644
index 0000000..341df8b
--- /dev/null
+++ b/recipes-extended/tar/tar_selinux.inc
@@ -0,0 +1,3 @@
+inherit with-selinux
+
+PACKAGECONFIG_append = "${@bb.utils.contains('DISTRO_FEATURES', 'acl', ' acl', '', d)}"
diff --git a/recipes-graphics/mesa/mesa_%.bbappend b/recipes-graphics/mesa/mesa_%.bbappend
index 0004f71..b0b03ec 100644
--- a/recipes-graphics/mesa/mesa_%.bbappend
+++ b/recipes-graphics/mesa/mesa_%.bbappend
@@ -1,6 +1,2 @@
-inherit enable-selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
 
-# But wait!  There's more!  mesa builds a host program named builtin_compiler
-# and it needs selinux, too.  We replace the PACKAGECONFIG[] in the bbclass.
-#
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native,"
diff --git a/recipes-graphics/mesa/mesa_selinux.inc b/recipes-graphics/mesa/mesa_selinux.inc
new file mode 100644
index 0000000..0004f71
--- /dev/null
+++ b/recipes-graphics/mesa/mesa_selinux.inc
@@ -0,0 +1,6 @@
+inherit enable-selinux
+
+# But wait!  There's more!  mesa builds a host program named builtin_compiler
+# and it needs selinux, too.  We replace the PACKAGECONFIG[] in the bbclass.
+#
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native,"
diff --git a/recipes-graphics/xcb/libxcb_%.bbappend b/recipes-graphics/xcb/libxcb_%.bbappend
index f1bd5a8..7719d3b 100644
--- a/recipes-graphics/xcb/libxcb_%.bbappend
+++ b/recipes-graphics/xcb/libxcb_%.bbappend
@@ -1,8 +1 @@
-PR .= ".1"
-
-inherit enable-selinux
-# libxcb-xselinux will not build with libselinux, so remove the depend
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,,"
-
-PACKAGES += "${PN}-xselinux"
-FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-graphics/xcb/libxcb_selinux.inc b/recipes-graphics/xcb/libxcb_selinux.inc
new file mode 100644
index 0000000..29bdadb
--- /dev/null
+++ b/recipes-graphics/xcb/libxcb_selinux.inc
@@ -0,0 +1,6 @@
+inherit enable-selinux
+# libxcb-xselinux will not build with libselinux, so remove the depend
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,,"
+
+PACKAGES += "${PN}-xselinux"
+FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*"
diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/files/selinux.cfg
index 2edd366..2edd366 100644
--- a/recipes-kernel/linux/linux-yocto/selinux.cfg
+++ b/recipes-kernel/linux/files/selinux.cfg
diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend b/recipes-kernel/linux/linux-yocto_4.%.bbappend
index a8c0647..7719d3b 100644
--- a/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -1,8 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-# Enable selinux support in the kernel if the feature is enabled
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
-
-# For inconsistent kallsyms data bug on ARM
-# http://lists.infradead.org/pipermail/linux-arm-kernel/2012-March/thread.html#89718
-EXTRA_OEMAKE += "${@bb.utils.contains('TARGET_ARCH', 'arm', ' KALLSYMS_EXTRA_PASS=1', '', d)}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-kernel/linux/linux-yocto_selinux.inc b/recipes-kernel/linux/linux-yocto_selinux.inc
new file mode 100644
index 0000000..3312e06
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_selinux.inc
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+# Enable selinux support in the kernel if the feature is enabled
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
diff --git a/recipes-kernel/perf/perf.bbappend b/recipes-kernel/perf/perf.bbappend
index 93df43e..b0b03ec 100644
--- a/recipes-kernel/perf/perf.bbappend
+++ b/recipes-kernel/perf/perf.bbappend
@@ -1 +1,2 @@
-DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'audit', '', d)}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
+
diff --git a/recipes-kernel/perf/perf_selinux.inc b/recipes-kernel/perf/perf_selinux.inc
new file mode 100644
index 0000000..bed3cc2
--- /dev/null
+++ b/recipes-kernel/perf/perf_selinux.inc
@@ -0,0 +1 @@
+DEPENDS .= "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', ' audit', '', d)}"
diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend
index 6be8191..7719d3b 100644
--- a/recipes-support/attr/attr_%.bbappend
+++ b/recipes-support/attr/attr_%.bbappend
@@ -1,5 +1 @@
-inherit selinux
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
-
-SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-support/attr/attr_selinux.inc b/recipes-support/attr/attr_selinux.inc
new file mode 100644
index 0000000..ba0314e
--- /dev/null
+++ b/recipes-support/attr/attr_selinux.inc
@@ -0,0 +1,5 @@
+inherit selinux
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://fix-ptest-failures-when-selinux-enabled.patch"
diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch
index e1eefa7..e1eefa7 100644
--- a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
+++ b/recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch
diff --git a/recipes-support/gnupg/gnupg_2.%.bbappend b/recipes-support/gnupg/gnupg_2.%.bbappend
index 12571b4..7719d3b 100644
--- a/recipes-support/gnupg/gnupg_2.%.bbappend
+++ b/recipes-support/gnupg/gnupg_2.%.bbappend
@@ -1,3 +1 @@
-inherit enable-selinux
-# gnupg will not build with libselinux, so remove the depend
-PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,,"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-support/gnupg/gnupg_selinux.inc b/recipes-support/gnupg/gnupg_selinux.inc
new file mode 100644
index 0000000..12571b4
--- /dev/null
+++ b/recipes-support/gnupg/gnupg_selinux.inc
@@ -0,0 +1,3 @@
+inherit enable-selinux
+# gnupg will not build with libselinux, so remove the depend
+PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,,"
diff --git a/recipes-support/libpcre/libpcre_%.bbappend b/recipes-support/libpcre/libpcre_%.bbappend
index ad18d61..7719d3b 100644
--- a/recipes-support/libpcre/libpcre_%.bbappend
+++ b/recipes-support/libpcre/libpcre_%.bbappend
@@ -1,14 +1 @@
-PR .= "9"
-
-do_install_append () {
-        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-                realsofile=`readlink ${D}${libdir}/libpcre.so`
-                mkdir -p ${D}/${base_libdir}/
-                mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/
-                relpath=${@os.path.relpath("${base_libdir}", "${libdir}")}
-                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so
-                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1
-        fi
-}
-
-FILES_${PN} += "${base_libdir}/libpcre.so.*"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-support/libpcre/libpcre_selinux.inc b/recipes-support/libpcre/libpcre_selinux.inc
new file mode 100644
index 0000000..59c0184
--- /dev/null
+++ b/recipes-support/libpcre/libpcre_selinux.inc
@@ -0,0 +1,12 @@
+do_install_append () {
+        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+                realsofile=`readlink ${D}${libdir}/libpcre.so`
+                mkdir -p ${D}/${base_libdir}/
+                mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/
+                relpath=${@os.path.relpath("${base_libdir}", "${libdir}")}
+                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so
+                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1
+        fi
+}
+
+FILES_${PN} += "${base_libdir}/libpcre.so.*"
diff --git a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
index 8c11cac..74e22b3 100644
--- a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
+++ b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
@@ -1 +1 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}