Knowledge Base:Conflicting specifications during rlpkg

Synopsis
When trying to relabel a package (using rlpkg) you get a message similar to the following:

Environment
This article is applicable to Gentoo Linux systems with a selinux profile:

A SElinux profile ends with.

Analysis
This is most likely caused by hard linked files. Remember, SELinux uses the extended attributes in the file system to store the security context of a file. If two separate paths point to the same file using hard links (i.e. the files share the same inode) then both files will have the same security context. But rlpkg (and related applications) obtain the security context from a path value. As such, they might get two different results (different paths) for the same file (hardlinked files).

Resolution
The solution depends on the particular case; in order of most likely to happen and resolve:


 * 1) Although both files are the same, they are not used in the same context. In such cases, it is recommended to remove one of the files and then copy the other file back to the first  This way, both files have different inodes and can be labelled accordingly.
 * 2) Both files are used for the same purpose; in this case, it might be better to label the file which would not be labelled correctly (say a binary somewhere in a /usr/lib64 location) using semanage

It is also not a bad idea to report (after verifying if it hasn't been reported first) this on Gentoo's bugzilla so that the default policies are updated accordingly.