SELinux/Policy store

A policy store contains the SELinux policy package and system administrator modifications combined in a single, logical entity. Multiple stores can be used on a system, allowing administrators to have separate SELinux policies which can be switched (either directly or after reboot).

Policy store location
The policy store is located in in a subdirectory called after the policy store.

Pre-defined policy stores are strict, targeted, mcs and mls, but this can be fully configured by the administrator.

Policy differentiation
By allowing multiple policy stores, administrators can support different policies on a single system.

For instance, an administrator might have both strict and mcs available. The strict policy does not support MLS, whereas mcs does (but with a single security level).

Active policy store
The active policy store is configured in through the   variable:

POLICY_TYPES in make.conf
The policy stores that need to be maintained on a Gentoo system are covered by the  variable.

By default, this variable is defined in the Gentoo profile and set as follows:

Default POLICY_TYPES declaration

The variable can be overridden through the file.