Knowledge Base:Conflicting specifications during rlpkg

Synopsis
When trying to relabel a package (using the rlpkg tool) a message similar to the following is displayed:

Environment
This article is applicable to Gentoo Linux systems with a selinux profile:

A SElinux profile ends with.

Analysis
This is most likely caused by hard linked files. SELinux uses the extended attributes in the file system to store the security context of a file. If two separate paths point to the same file using hard links (i.e. the files share the same inode) then both files will have the same security context. rlpkg (and related applications) obtain the security context from a path value. As such, they may get two different results (different paths) for the same file (hardlinked files).

Resolution
The solution depends on the particular case; in order of most likely to happen and resolve:


 * 1) Although both files are the same, they are not used in the same context. In such cases, it is recommended to remove one of the files and then copy the other file back to the first. For example:  This way, both files have different inodes and can be labelled accordingly.
 * 2) Both files are used for the same purpose; in this case, it might be better to label the file which would not be labelled correctly (say a binary somewhere in a /usr/lib64 location) using the semanage tool:

It is also not a bad idea to report (after verifying if it has not been reported by someone else) this on Gentoo's bugzilla so that the default policies are updated accordingly.