Knowledge Base:Conflicting specifications during rlpkg
When trying to relabel a package (using the rlpkg tool) a message similar to the following is displayed:
rlpkg -a -r
filespec_add: conflicting specifications for /usr/bin/getconf and /usr/lib64/misc/glibc/getconf/XBS5_LP64_OFF64, using system_u:object_r:lib_t
This article is applicable to Gentoo Linux systems with a selinux profile:
eselect profile show
Current /etc/make.profile symlink: hardened/linux/amd64/selinux
A SElinux profile ends with
This is most likely caused by hard linked files. SELinux uses the extended attributes in the file system to store the security context of a file. If two separate paths point to the same file using hard links (i.e. the files share the same inode) then both files will have the same security context. rlpkg (and related applications) obtain the security context from a path value. As such, they may get two different results (different paths) for the same file (hardlinked files).
The solution depends on the particular case; in order of most likely to happen and resolve:
- Although both files are the same, they are not used in the same context. In such cases, it is recommended to remove one of the files and then copy the other file back to the first. For example: This way, both files have different inodes and can be labelled accordingly.
rm file_B; cp file_A file_B
- Both files are used for the same purpose; in this case, it might be better to label the file which would not be labelled correctly (say a binary somewhere in a /usr/lib64 location) using the semanage tool:
semanage fcontext -a -t correct_domain_t /usr/lib64/path/to/file
It is also not a bad idea to report (after verifying if it has not been reported by someone else) this on Gentoo's Bugzilla so that the default policies are updated accordingly.