79 files changed, 283 insertions, 301 deletions
diff --git a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
index c1e8ed6..b01ad25 100644
--- a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
+++ b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend
@@ -1 +1 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
index 81fe7b7..7719d3b 100644
--- a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend
@@ -1 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-connectivity/bind/bind_%.bbappend b/recipes-connectivity/bind/bind_%.bbappend
index a15e045..7719d3b 100644
--- a/recipes-connectivity/bind/bind_%.bbappend
+++ b/recipes-connectivity/bind/bind_%.bbappend
@@ -1,13 +1 @@
-PR .= ".3"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-SRC_URI += "file://volatiles.04_bind"
-do_install_append() {
-        install -d ${D}${sysconfdir}/default/volatiles
-        install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
-        sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
-            [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
-}
diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc
new file mode 100644
index 0000000..1dfef8a
--- /dev/null
+++ b/recipes-connectivity/bind/bind_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://volatiles.04_bind"
+do_install_append() {
+        install -d ${D}${sysconfdir}/default/volatiles
+        install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
+        sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
+            [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
+}
diff --git a/recipes-connectivity/dhcp/dhcp_%.bbappend b/recipes-connectivity/dhcp/dhcp_%.bbappend
index 2d2232c..7719d3b 100644
--- a/recipes-connectivity/dhcp/dhcp_%.bbappend
+++ b/recipes-connectivity/dhcp/dhcp_%.bbappend
@@ -1,3 +1 @@
-inherit selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
diff --git a/recipes-connectivity/dhcp/dhcp_selinux.inc b/recipes-connectivity/dhcp/dhcp_selinux.inc
new file mode 100644
index 0000000..08389f1
--- /dev/null
+++ b/recipes-connectivity/dhcp/dhcp_selinux.inc
@@ -0,0 +1,3 @@
+inherit selinux
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-connectivity/iproute2/iproute2_%.bbappend b/recipes-connectivity/iproute2/iproute2_%.bbappend
index c866b54..7719d3b 100644
--- a/recipes-connectivity/iproute2/iproute2_%.bbappend
+++ b/recipes-connectivity/iproute2/iproute2_%.bbappend
@@ -1,9 +1 @@
-inherit with-selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-do_configure_append() {
-        if ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'true', 'false', d)}; then
-                sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config
-        else
-                sed -i 's/\(HAVE_SELINUX:=\).*/\1n/' ${B}/Config
-        fi
-}
diff --git a/recipes-connectivity/iproute2/iproute2_selinux.inc b/recipes-connectivity/iproute2/iproute2_selinux.inc
new file mode 100644
index 0000000..b0a7ffe
--- /dev/null
+++ b/recipes-connectivity/iproute2/iproute2_selinux.inc
@@ -0,0 +1,5 @@
+inherit with-selinux
+do_configure_append() {
+        sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config
+}
diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_%.bbappend
index 223b8cf..7719d3b 100644
--- a/recipes-connectivity/openssh/openssh_%.bbappend
+++ b/recipes-connectivity/openssh/openssh_%.bbappend
@@ -1,13 +1 @@
-PR .= ".5"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit with-selinux
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
-# There is no distro feature just for audit.  If we want it,
-# uncomment the following.
-#
-#PACKAGECONFIG += "${@target_selinux(d, 'audit')}"
-PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit,"
diff --git a/recipes-connectivity/openssh/openssh_selinux.inc b/recipes-connectivity/openssh/openssh_selinux.inc
new file mode 100644
index 0000000..ebd2721
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_selinux.inc
@@ -0,0 +1,9 @@
+inherit with-selinux
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+# There is no distro feature just for audit.
+PACKAGECONFIG_append = " audit"
+PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit,"
diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend
index b4935b2..7719d3b 100644
--- a/recipes-core/busybox/busybox_%.bbappend
+++ b/recipes-core/busybox/busybox_%.bbappend
@@ -1,87 +1 @@
-PR .= ".1"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-FILES_${PN} += "${libdir}/${PN}"
-# We should use sh wrappers instead of links so the commands could get correct
-# security labels
-python create_sh_wrapper_reset_alternative_vars () {
-    # We need to load the full set of busybox provides from the /etc/busybox.links
-    # Use this to see the update-alternatives with the right information
-    dvar = d.getVar('D', True)
-    pn = d.getVar('PN', True)
-    def create_sh_alternative_vars(links, target, mode):
-        import shutil
-        # Create sh wrapper template
-        fwp = open("busybox_wrapper", 'w')
-        fwp.write("#!%s" % (target))
-        os.fchmod(fwp.fileno(), mode)
-        fwp.close()
-        # Install the sh wrappers and alternatives reset to link to them
-        wpdir = os.path.join(d.getVar('libdir', True), pn)
-        wpdir_dest = '%s%s' % (dvar, wpdir)
-        if not os.path.exists(wpdir_dest):
-            os.makedirs(wpdir_dest)
-        f = open('%s%s' % (dvar, links), 'r')
-        for alt_link_name in f:
-            alt_link_name = alt_link_name.strip()
-            alt_name = os.path.basename(alt_link_name)
-            # Copy script wrapper to wp_path
-            alt_wppath = '%s%s' % (wpdir, alt_link_name)
-            alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) 
-            alt_wpdir_dest = os.path.dirname(alt_wppath_dest)
-            if not os.path.exists(alt_wpdir_dest):
-                os.makedirs(alt_wpdir_dest)
-            shutil.copy2("busybox_wrapper", alt_wppath_dest)
-            # Re-set alternatives
-            # Match coreutils
-            if alt_name == '[':
-                alt_name = 'lbracket'
-            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
-            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
-            if os.path.exists(alt_wppath_dest):
-                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath)
-        f.close()
-        os.remove("busybox_wrapper")
-        return
-    if os.path.exists('%s/etc/busybox.links' % (dvar)):
-        create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755)
-    else:
-        create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755)
-        create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755)
-}
-# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in
-# do_package_prepend() section of busybox_*.bb.
-PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars "
-# Use sh wrappers instead of links
-pkg_postinst_${PN} () {
-        # This part of code is dedicated to the on target upgrade problem.
-        # It's known that if we don't make appropriate symlinks before update-alternatives calls,
-        # there will be errors indicating missing commands such as 'sed'.
-        # These symlinks will later be updated by update-alternatives calls.
-        test -n 2 > /dev/null || alias test='busybox test'
-        if test "x$D" = "x"; then
-                # Remove busybox.nosuid if it's a symlink, because this situation indicates
-                # that we're installing or upgrading to a one-binary busybox.
-                if test -h /bin/busybox.nosuid; then
-                        rm -f /bin/busybox.nosuid
-                fi
-                for suffix in "" ".nosuid" ".suid"; do
-                        if test -e /etc/busybox.links$suffix; then
-                                while read link; do
-                                        if test ! -e "$link"; then
-                                                # we can use busybox here because even if we are using splitted busybox
-                                                # we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
-                                                busybox echo "#!/bin/busybox$suffix" > $link
-                                        fi
-                                done < /etc/busybox.links$suffix
-                        fi
-                done
-        fi
-}
diff --git a/recipes-core/busybox/busybox_selinux.inc b/recipes-core/busybox/busybox_selinux.inc
new file mode 100644
index 0000000..3f20815
--- /dev/null
+++ b/recipes-core/busybox/busybox_selinux.inc
@@ -0,0 +1,85 @@
+FILES_${PN} += "${libdir}/${PN}"
+# We should use sh wrappers instead of links so the commands could get correct
+# security labels
+python create_sh_wrapper_reset_alternative_vars () {
+    # We need to load the full set of busybox provides from the /etc/busybox.links
+    # Use this to see the update-alternatives with the right information
+    dvar = d.getVar('D', True)
+    pn = d.getVar('PN', True)
+    def create_sh_alternative_vars(links, target, mode):
+        import shutil
+        # Create sh wrapper template
+        fwp = open("busybox_wrapper", 'w')
+        fwp.write("#!%s" % (target))
+        os.fchmod(fwp.fileno(), mode)
+        fwp.close()
+        # Install the sh wrappers and alternatives reset to link to them
+        wpdir = os.path.join(d.getVar('libdir', True), pn)
+        wpdir_dest = '%s%s' % (dvar, wpdir)
+        if not os.path.exists(wpdir_dest):
+            os.makedirs(wpdir_dest)
+        f = open('%s%s' % (dvar, links), 'r')
+        for alt_link_name in f:
+            alt_link_name = alt_link_name.strip()
+            alt_name = os.path.basename(alt_link_name)
+            # Copy script wrapper to wp_path
+            alt_wppath = '%s%s' % (wpdir, alt_link_name)
+            alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) 
+            alt_wpdir_dest = os.path.dirname(alt_wppath_dest)
+            if not os.path.exists(alt_wpdir_dest):
+                os.makedirs(alt_wpdir_dest)
+            shutil.copy2("busybox_wrapper", alt_wppath_dest)
+            # Re-set alternatives
+            # Match coreutils
+            if alt_name == '[':
+                alt_name = 'lbracket'
+            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
+            if os.path.exists(alt_wppath_dest):
+                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath)
+        f.close()
+        os.remove("busybox_wrapper")
+        return
+    if os.path.exists('%s/etc/busybox.links' % (dvar)):
+        create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755)
+    else:
+        create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755)
+        create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755)
+}
+# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in
+# do_package_prepend() section of busybox_*.bb.
+PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars "
+# Use sh wrappers instead of links
+pkg_postinst_${PN} () {
+        # This part of code is dedicated to the on target upgrade problem.
+        # It's known that if we don't make appropriate symlinks before update-alternatives calls,
+        # there will be errors indicating missing commands such as 'sed'.
+        # These symlinks will later be updated by update-alternatives calls.
+        test -n 2 > /dev/null || alias test='busybox test'
+        if test "x$D" = "x"; then
+                # Remove busybox.nosuid if it's a symlink, because this situation indicates
+                # that we're installing or upgrading to a one-binary busybox.
+                if test -h /bin/busybox.nosuid; then
+                        rm -f /bin/busybox.nosuid
+                fi
+                for suffix in "" ".nosuid" ".suid"; do
+                        if test -e /etc/busybox.links$suffix; then
+                                while read link; do
+                                        if test ! -e "$link"; then
+                                                # we can use busybox here because even if we are using splitted busybox
+                                                # we've made a symlink from /bin/busybox to /bin/busybox.nosuid.
+                                                busybox echo "#!/bin/busybox$suffix" > $link
+                                        fi
+                                done < /etc/busybox.links$suffix
+                        fi
+                done
+        fi
+}
diff --git a/recipes-core/coreutils/coreutils_%.bbappend b/recipes-core/coreutils/coreutils_%.bbappend
index c1e8ed6..7b9a2dc 100644
--- a/recipes-core/coreutils/coreutils_%.bbappend
+++ b/recipes-core/coreutils/coreutils_%.bbappend
@@ -1 +1,2 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-core/dbus/dbus_%.bbappend b/recipes-core/dbus/dbus_%.bbappend
index 8c11cac..ee221e2 100644
--- a/recipes-core/dbus/dbus_%.bbappend
+++ b/recipes-core/dbus/dbus_%.bbappend
@@ -1 +1,2 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-core/eudev/eudev_%.bbappend b/recipes-core/eudev/eudev_%.bbappend
index e1e7cd1..b0b03ec 100644
--- a/recipes-core/eudev/eudev_%.bbappend
+++ b/recipes-core/eudev/eudev_%.bbappend
@@ -1,3 +1,2 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit enable-selinux
diff --git a/recipes-core/eudev/eudev_selinux.inc b/recipes-core/eudev/eudev_selinux.inc
new file mode 100644
index 0000000..2ad6b13
--- /dev/null
+++ b/recipes-core/eudev/eudev_selinux.inc
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+inherit enable-selinux
diff --git a/recipes-core/eudev/eudev/init b/recipes-core/eudev/files/init
index ee64f86..ee64f86 100644
--- a/recipes-core/eudev/eudev/init
+++ b/recipes-core/eudev/files/init
diff --git a/recipes-core/eudev/eudev/udev-cache b/recipes-core/eudev/files/udev-cache
index 6898577..6898577 100644
--- a/recipes-core/eudev/eudev/udev-cache
+++ b/recipes-core/eudev/files/udev-cache
diff --git a/recipes-core/glib-2.0/glib-2.0_%.bbappend b/recipes-core/glib-2.0/glib-2.0_%.bbappend
index 8c11cac..74e22b3 100644
--- a/recipes-core/glib-2.0/glib-2.0_%.bbappend
+++ b/recipes-core/glib-2.0/glib-2.0_%.bbappend
@@ -1 +1 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/files/devpts.sh
index a0b037f..a0b037f 100755
--- a/recipes-core/initscripts/initscripts/devpts.sh
+++ b/recipes-core/initscripts/files/devpts.sh
diff --git a/recipes-core/initscripts/initscripts-1.0_selinux.inc b/recipes-core/initscripts/initscripts-1.0_selinux.inc
new file mode 100644
index 0000000..6e8a9b6
--- /dev/null
+++ b/recipes-core/initscripts/initscripts-1.0_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+do_install_append () {
+        cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
+touch /var/log/lastlog
+test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \
+    /etc/resolv.conf /etc/adjtime
+EOF
+        sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \
+            ${D}${sysconfdir}/init.d/checkroot.sh
+}
diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend
index 0fc7a5e..4f9950b 100644
--- a/recipes-core/initscripts/initscripts_1.0.bbappend
+++ b/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -1,13 +1 @@
-PR .= ".3"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'initscripts-1.0_selinux.inc', '', d)}
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-do_install_append () {
-        cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
-touch /var/log/lastlog
-test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \
-    /etc/resolv.conf /etc/adjtime
-EOF
-        sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \
-            ${D}${sysconfdir}/init.d/checkroot.sh
-}
diff --git a/recipes-core/libcgroup/libcgroup_%.bbappend b/recipes-core/libcgroup/libcgroup_%.bbappend
index b7e0c5f..7719d3b 100644
--- a/recipes-core/libcgroup/libcgroup_%.bbappend
+++ b/recipes-core/libcgroup/libcgroup_%.bbappend
@@ -1,12 +1 @@
-PR .= ".3"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-EXTRA_OECONF_virtclass-native = "--enable-pam=no"
-do_install_append() {
-        test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || {
-                mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so
-                rm -f ${D}${base_libdir}/security/pam_cgroup.so.*
-        }
-}
-BBCLASSEXTEND = "native"
diff --git a/recipes-core/libcgroup/libcgroup_selinux.inc b/recipes-core/libcgroup/libcgroup_selinux.inc
new file mode 100644
index 0000000..f81188f
--- /dev/null
+++ b/recipes-core/libcgroup/libcgroup_selinux.inc
@@ -0,0 +1,10 @@
+EXTRA_OECONF_virtclass-native = "--enable-pam=no"
+do_install_append() {
+        test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || {
+                mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so
+                rm -f ${D}${base_libdir}/security/pam_cgroup.so.*
+        }
+}
+BBCLASSEXTEND = "native"
diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
index f1bdaf8..5ac3adb 100644
--- a/recipes-core/systemd/systemd_%.bbappend
+++ b/recipes-core/systemd/systemd_%.bbappend
@@ -1 +1 @@
-inherit enable-audit
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch b/recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch
index 62703b1..62703b1 100644
--- a/recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch
+++ b/recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch
diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc
new file mode 100644
index 0000000..fcfbdb7
--- /dev/null
+++ b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+B = "${S}"
+SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch"
+inherit selinux
+DEPENDS += "${LIBSELINUX}"
+EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
diff --git a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
index 636dc5e..9df30b6 100644
--- a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
+++ b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend
@@ -1,14 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'sysvinit-2.88dsf_selinux.inc', '', d)}
-B = "${S}"
-SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch"
-inherit selinux
-DEPENDS += "${LIBSELINUX}"
-EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
-PR .= ".2"
diff --git a/recipes-core/util-linux/util-linux_%.bbappend b/recipes-core/util-linux/util-linux_%.bbappend
index 7695b77..b01ad25 100644
--- a/recipes-core/util-linux/util-linux_%.bbappend
+++ b/recipes-core/util-linux/util-linux_%.bbappend
@@ -1,3 +1 @@
-PR .= ".3"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
-inherit with-selinux
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
index 7acaf48..7719d3b 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
+++ b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend
@@ -1,2 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-SRC_URI += "file://misc_create_inode.c-label_rootfs.patch"
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc
new file mode 100644
index 0000000..9cbb7fe
--- /dev/null
+++ b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://misc_create_inode.c-label_rootfs.patch"
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch b/recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
index b87c414..b87c414 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
+++ b/recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch
diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch b/recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch
index 1de0dde..1de0dde 100644
--- a/recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch
+++ b/recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch
diff --git a/recipes-devtools/prelink/prelink_git.bbappend b/recipes-devtools/prelink/prelink_git.bbappend
index 366fdf5..74e22b3 100644
--- a/recipes-devtools/prelink/prelink_git.bbappend
+++ b/recipes-devtools/prelink/prelink_git.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
-inherit enable-selinux
diff --git a/recipes-devtools/python/python/sitecustomize.py b/recipes-devtools/python/files/sitecustomize.py
index d2b71fa..d2b71fa 100644
--- a/recipes-devtools/python/python/sitecustomize.py
+++ b/recipes-devtools/python/files/sitecustomize.py
diff --git a/recipes-devtools/python/python_%.bbappend b/recipes-devtools/python/python_%.bbappend
index 9eefd2d..7719d3b 100644
--- a/recipes-devtools/python/python_%.bbappend
+++ b/recipes-devtools/python/python_%.bbappend
@@ -1,3 +1 @@
-inherit selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-# If selinux enabled, disable handlers to rw command history file
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/${PN}:')}"
diff --git a/recipes-devtools/python/python_selinux.inc b/recipes-devtools/python/python_selinux.inc
new file mode 100644
index 0000000..bb54a90
--- /dev/null
+++ b/recipes-devtools/python/python_selinux.inc
@@ -0,0 +1,5 @@
+# If selinux enabled, disable handlers to rw command history file
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+inherit selinux
diff --git a/recipes-devtools/rpm/rpm_%.bbappend b/recipes-devtools/rpm/rpm_%.bbappend
index 9f3ec90..7719d3b 100644
--- a/recipes-devtools/rpm/rpm_%.bbappend
+++ b/recipes-devtools/rpm/rpm_%.bbappend
@@ -1,4 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit with-selinux
-PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage,"
diff --git a/recipes-devtools/rpm/rpm_selinux.inc b/recipes-devtools/rpm/rpm_selinux.inc
new file mode 100644
index 0000000..983dda7
--- /dev/null
+++ b/recipes-devtools/rpm/rpm_selinux.inc
@@ -0,0 +1,2 @@
+inherit with-selinux
+PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage,"
diff --git a/recipes-extended/at/at_%.bbappend b/recipes-extended/at/at_%.bbappend
index c1e8ed6..b01ad25 100644
--- a/recipes-extended/at/at_%.bbappend
+++ b/recipes-extended/at/at_%.bbappend
@@ -1 +1 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend
index a398bec..cfa56ca 100644
--- a/recipes-extended/cronie/cronie_%.bbappend
+++ b/recipes-extended/cronie/cronie_%.bbappend
@@ -1,3 +1,2 @@
-PR .= ".2"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-audit', '', d)}
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
-inherit with-selinux with-audit
diff --git a/recipes-extended/findutils/findutils_4.6.%.bbappend b/recipes-extended/findutils/findutils_4.6.%.bbappend
index a24a14f..b01ad25 100644
--- a/recipes-extended/findutils/findutils_4.6.%.bbappend
+++ b/recipes-extended/findutils/findutils_4.6.%.bbappend
@@ -1,2 +1 @@
-inherit with-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
diff --git a/recipes-extended/logrotate/logrotate_%.bbappend b/recipes-extended/logrotate/logrotate_%.bbappend
index 1bdca98..7719d3b 100644
--- a/recipes-extended/logrotate/logrotate_%.bbappend
+++ b/recipes-extended/logrotate/logrotate_%.bbappend
@@ -1,5 +1 @@
-inherit selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-DEPENDS += "${LIBSELINUX}"
-EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
diff --git a/recipes-extended/logrotate/logrotate_selinux.inc b/recipes-extended/logrotate/logrotate_selinux.inc
new file mode 100644
index 0000000..1bdca98
--- /dev/null
+++ b/recipes-extended/logrotate/logrotate_selinux.inc
@@ -0,0 +1,5 @@
+inherit selinux
+DEPENDS += "${LIBSELINUX}"
+EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}"
diff --git a/recipes-extended/lsof/lsof_%.bbappend b/recipes-extended/lsof/lsof_%.bbappend
index 793b13f..7719d3b 100644
--- a/recipes-extended/lsof/lsof_%.bbappend
+++ b/recipes-extended/lsof/lsof_%.bbappend
@@ -1,16 +1 @@
-PR .= ".2"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit selinux
-DEPENDS += "${LIBSELINUX}"
-do_configure_prepend () {
-        export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}"
-        export LSOF_CFGF="${CFLAGS}"
-        export LSOF_CFGL="${LDFLAGS}"
-        export LSOF_CC="${BUILD_CC}"
-}
-do_compile () {
-        oe_runmake 'CC=${CC}' 'DEBUG='
-}
diff --git a/recipes-extended/lsof/lsof_selinux.inc b/recipes-extended/lsof/lsof_selinux.inc
new file mode 100644
index 0000000..6691b4c
--- /dev/null
+++ b/recipes-extended/lsof/lsof_selinux.inc
@@ -0,0 +1,14 @@
+inherit selinux
+DEPENDS += "${LIBSELINUX}"
+do_configure_prepend () {
+        export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}"
+        export LSOF_CFGF="${CFLAGS}"
+        export LSOF_CFGL="${LDFLAGS}"
+        export LSOF_CC="${BUILD_CC}"
+}
+do_compile () {
+        oe_runmake 'CC=${CC}' 'DEBUG='
+}
diff --git a/recipes-extended/net-tools/net-tools/netstat-selinux-support.patch b/recipes-extended/net-tools/files/netstat-selinux-support.patch
index f089041..f089041 100644
--- a/recipes-extended/net-tools/net-tools/netstat-selinux-support.patch
+++ b/recipes-extended/net-tools/files/netstat-selinux-support.patch
diff --git a/recipes-extended/net-tools/net-tools_%.bbappend b/recipes-extended/net-tools/net-tools_%.bbappend
index e99a5bc..7719d3b 100644
--- a/recipes-extended/net-tools/net-tools_%.bbappend
+++ b/recipes-extended/net-tools/net-tools_%.bbappend
@@ -1,11 +1 @@
-PR .= ".2"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://netstat-selinux-support.patch"
-inherit selinux
-DEPENDS += "${LIBSELINUX}"
-EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}"
diff --git a/recipes-extended/net-tools/net-tools_selinux.inc b/recipes-extended/net-tools/net-tools_selinux.inc
new file mode 100644
index 0000000..cc3196f
--- /dev/null
+++ b/recipes-extended/net-tools/net-tools_selinux.inc
@@ -0,0 +1,9 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://netstat-selinux-support.patch"
+inherit selinux
+DEPENDS += "${LIBSELINUX}"
+EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}"
diff --git a/recipes-extended/pam/libpam_%.bbappend b/recipes-extended/pam/libpam_%.bbappend
index adcf938..7719d3b 100644
--- a/recipes-extended/pam/libpam_%.bbappend
+++ b/recipes-extended/pam/libpam_%.bbappend
@@ -1,3 +1 @@
-inherit enable-selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}"
diff --git a/recipes-extended/pam/libpam_selinux.inc b/recipes-extended/pam/libpam_selinux.inc
new file mode 100644
index 0000000..adcf938
--- /dev/null
+++ b/recipes-extended/pam/libpam_selinux.inc
@@ -0,0 +1,3 @@
+inherit enable-selinux
+RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}"
diff --git a/recipes-extended/parted/parted_%.bbappend b/recipes-extended/parted/parted_%.bbappend
index 366fdf5..74e22b3 100644
--- a/recipes-extended/parted/parted_%.bbappend
+++ b/recipes-extended/parted/parted_%.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
-inherit enable-selinux
diff --git a/recipes-extended/psmisc/psmisc_%.bbappend b/recipes-extended/psmisc/psmisc_%.bbappend
index bbb84f4..74e22b3 100644
--- a/recipes-extended/psmisc/psmisc_%.bbappend
+++ b/recipes-extended/psmisc/psmisc_%.bbappend
@@ -1,5 +1 @@
-PR .= ".2"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-inherit enable-selinux
diff --git a/recipes-extended/sed/sed_4.2.2.bbappend b/recipes-extended/sed/sed_4.2.2.bbappend
index 7695b77..b01ad25 100644
--- a/recipes-extended/sed/sed_4.2.2.bbappend
+++ b/recipes-extended/sed/sed_4.2.2.bbappend
@@ -1,3 +1 @@
-PR .= ".3"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
-inherit with-selinux
diff --git a/recipes-extended/shadow/shadow_%.bbappend b/recipes-extended/shadow/shadow_%.bbappend
index b7ccf40..7719d3b 100644
--- a/recipes-extended/shadow/shadow_%.bbappend
+++ b/recipes-extended/shadow/shadow_%.bbappend
@@ -1,7 +1 @@
-PR .= ".1"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit with-selinux with-audit
-PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage,"
-FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}"
diff --git a/recipes-extended/shadow/shadow_selinux.inc b/recipes-extended/shadow/shadow_selinux.inc
new file mode 100644
index 0000000..496ea6a
--- /dev/null
+++ b/recipes-extended/shadow/shadow_selinux.inc
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+inherit with-selinux with-audit
+PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage,"
diff --git a/recipes-extended/sudo/sudo_%.bbappend b/recipes-extended/sudo/sudo_%.bbappend
index 5ad8973..b01ad25 100644
--- a/recipes-extended/sudo/sudo_%.bbappend
+++ b/recipes-extended/sudo/sudo_%.bbappend
@@ -1,3 +1 @@
-PR .= ".2"
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)}
-inherit with-selinux
diff --git a/recipes-extended/sysklogd/sysklogd_%.bbappend b/recipes-extended/sysklogd/sysklogd_%.bbappend
index 81fe7b7..7719d3b 100644
--- a/recipes-extended/sysklogd/sysklogd_%.bbappend
+++ b/recipes-extended/sysklogd/sysklogd_%.bbappend
@@ -1 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-extended/sysklogd/sysklogd_selinux.inc b/recipes-extended/sysklogd/sysklogd_selinux.inc
new file mode 100644
index 0000000..81fe7b7
--- /dev/null
+++ b/recipes-extended/sysklogd/sysklogd_selinux.inc
@@ -0,0 +1 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-extended/tar/tar_%.bbappend b/recipes-extended/tar/tar_%.bbappend
index 4b48777..7719d3b 100644
--- a/recipes-extended/tar/tar_%.bbappend
+++ b/recipes-extended/tar/tar_%.bbappend
@@ -1,6 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit with-selinux
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}"
diff --git a/recipes-extended/tar/tar_selinux.inc b/recipes-extended/tar/tar_selinux.inc
new file mode 100644
index 0000000..341df8b
--- /dev/null
+++ b/recipes-extended/tar/tar_selinux.inc
@@ -0,0 +1,3 @@
+inherit with-selinux
+PACKAGECONFIG_append = "${@bb.utils.contains('DISTRO_FEATURES', 'acl', ' acl', '', d)}"
diff --git a/recipes-graphics/mesa/mesa_%.bbappend b/recipes-graphics/mesa/mesa_%.bbappend
index 0004f71..b0b03ec 100644
--- a/recipes-graphics/mesa/mesa_%.bbappend
+++ b/recipes-graphics/mesa/mesa_%.bbappend
@@ -1,6 +1,2 @@
-inherit enable-selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-# But wait!  There's more!  mesa builds a host program named builtin_compiler
-# and it needs selinux, too.  We replace the PACKAGECONFIG[] in the bbclass.
-#
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native,"
diff --git a/recipes-graphics/mesa/mesa_selinux.inc b/recipes-graphics/mesa/mesa_selinux.inc
new file mode 100644
index 0000000..0004f71
--- /dev/null
+++ b/recipes-graphics/mesa/mesa_selinux.inc
@@ -0,0 +1,6 @@
+inherit enable-selinux
+# But wait!  There's more!  mesa builds a host program named builtin_compiler
+# and it needs selinux, too.  We replace the PACKAGECONFIG[] in the bbclass.
+#
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native,"
diff --git a/recipes-graphics/xcb/libxcb_%.bbappend b/recipes-graphics/xcb/libxcb_%.bbappend
index f1bd5a8..7719d3b 100644
--- a/recipes-graphics/xcb/libxcb_%.bbappend
+++ b/recipes-graphics/xcb/libxcb_%.bbappend
@@ -1,8 +1 @@
-PR .= ".1"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-inherit enable-selinux
-# libxcb-xselinux will not build with libselinux, so remove the depend
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,,"
-PACKAGES += "${PN}-xselinux"
-FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*"
diff --git a/recipes-graphics/xcb/libxcb_selinux.inc b/recipes-graphics/xcb/libxcb_selinux.inc
new file mode 100644
index 0000000..29bdadb
--- /dev/null
+++ b/recipes-graphics/xcb/libxcb_selinux.inc
@@ -0,0 +1,6 @@
+inherit enable-selinux
+# libxcb-xselinux will not build with libselinux, so remove the depend
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,,"
+PACKAGES += "${PN}-xselinux"
+FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*"
diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/files/selinux.cfg
index 2edd366..2edd366 100644
--- a/recipes-kernel/linux/linux-yocto/selinux.cfg
+++ b/recipes-kernel/linux/files/selinux.cfg
diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend b/recipes-kernel/linux/linux-yocto_4.%.bbappend
index a8c0647..7719d3b 100644
--- a/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -1,8 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-# Enable selinux support in the kernel if the feature is enabled
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
-# For inconsistent kallsyms data bug on ARM
-# http://lists.infradead.org/pipermail/linux-arm-kernel/2012-March/thread.html#89718
-EXTRA_OEMAKE += "${@bb.utils.contains('TARGET_ARCH', 'arm', ' KALLSYMS_EXTRA_PASS=1', '', d)}"
diff --git a/recipes-kernel/linux/linux-yocto_selinux.inc b/recipes-kernel/linux/linux-yocto_selinux.inc
new file mode 100644
index 0000000..3312e06
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_selinux.inc
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+# Enable selinux support in the kernel if the feature is enabled
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
diff --git a/recipes-kernel/perf/perf.bbappend b/recipes-kernel/perf/perf.bbappend
index 93df43e..b0b03ec 100644
--- a/recipes-kernel/perf/perf.bbappend
+++ b/recipes-kernel/perf/perf.bbappend
@@ -1 +1,2 @@
-DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'audit', '', d)}"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
diff --git a/recipes-kernel/perf/perf_selinux.inc b/recipes-kernel/perf/perf_selinux.inc
new file mode 100644
index 0000000..bed3cc2
--- /dev/null
+++ b/recipes-kernel/perf/perf_selinux.inc
@@ -0,0 +1 @@
+DEPENDS .= "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', ' audit', '', d)}"
diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend
index 6be8191..7719d3b 100644
--- a/recipes-support/attr/attr_%.bbappend
+++ b/recipes-support/attr/attr_%.bbappend
@@ -1,5 +1 @@
-inherit selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
-SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}"
diff --git a/recipes-support/attr/attr_selinux.inc b/recipes-support/attr/attr_selinux.inc
new file mode 100644
index 0000000..ba0314e
--- /dev/null
+++ b/recipes-support/attr/attr_selinux.inc
@@ -0,0 +1,5 @@
+inherit selinux
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://fix-ptest-failures-when-selinux-enabled.patch"
diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch
index e1eefa7..e1eefa7 100644
--- a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
+++ b/recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch
diff --git a/recipes-support/gnupg/gnupg_2.%.bbappend b/recipes-support/gnupg/gnupg_2.%.bbappend
index 12571b4..7719d3b 100644
--- a/recipes-support/gnupg/gnupg_2.%.bbappend
+++ b/recipes-support/gnupg/gnupg_2.%.bbappend
@@ -1,3 +1 @@
-inherit enable-selinux
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-# gnupg will not build with libselinux, so remove the depend
-PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,,"
diff --git a/recipes-support/gnupg/gnupg_selinux.inc b/recipes-support/gnupg/gnupg_selinux.inc
new file mode 100644
index 0000000..12571b4
--- /dev/null
+++ b/recipes-support/gnupg/gnupg_selinux.inc
@@ -0,0 +1,3 @@
+inherit enable-selinux
+# gnupg will not build with libselinux, so remove the depend
+PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,,"
diff --git a/recipes-support/libpcre/libpcre_%.bbappend b/recipes-support/libpcre/libpcre_%.bbappend
index ad18d61..7719d3b 100644
--- a/recipes-support/libpcre/libpcre_%.bbappend
+++ b/recipes-support/libpcre/libpcre_%.bbappend
@@ -1,14 +1 @@
-PR .= "9"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)}
-do_install_append () {
-        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-                realsofile=`readlink ${D}${libdir}/libpcre.so`
-                mkdir -p ${D}/${base_libdir}/
-                mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/
-                relpath=${@os.path.relpath("${base_libdir}", "${libdir}")}
-                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so
-                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1
-        fi
-}
-FILES_${PN} += "${base_libdir}/libpcre.so.*"
diff --git a/recipes-support/libpcre/libpcre_selinux.inc b/recipes-support/libpcre/libpcre_selinux.inc
new file mode 100644
index 0000000..59c0184
--- /dev/null
+++ b/recipes-support/libpcre/libpcre_selinux.inc
@@ -0,0 +1,12 @@
+do_install_append () {
+        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+                realsofile=`readlink ${D}${libdir}/libpcre.so`
+                mkdir -p ${D}/${base_libdir}/
+                mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/
+                relpath=${@os.path.relpath("${base_libdir}", "${libdir}")}
+                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so
+                ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1
+        fi
+}
+FILES_${PN} += "${base_libdir}/libpcre.so.*"
diff --git a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
index 8c11cac..74e22b3 100644
--- a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
+++ b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend
@@ -1 +1 @@
-inherit enable-selinux
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}