After installing software, Portage already relabels the files to have the right context. However, it looks like it only sets the file type context and not the SELinux owner and role (well, role is always "object_r" so does not matter). See:

# ls -Z $(qlist cowsay)
system_u:object_r:bin_t:s0 /usr/bin/cowsay  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/milk.cow
staff_u:object_r:bin_t:s0 /usr/bin/cowthink  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/moofasa.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/beavis.zen.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/moose.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bong.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/mutilated.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bud-frogs.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/ren.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bunny.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/satanic.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/cheese.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/sheep.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/cower.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/skeleton.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/daemon.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/small.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/default.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/sodomized.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/dragon-and-cow.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/stegosaurus.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/dragon.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/stimpy.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/elephant.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/supermilker.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/elephant-in-snake.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/surgery.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/eyes.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/telebears.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/flaming-sheep.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/three-eyes.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/ghostbusters.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/turkey.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/head-in.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/turtle.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/hellokitty.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/tux.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kiss.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/udder.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kitty.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/vader.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/koala.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/vader-koala.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kosh.cow  staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/www.cow
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/luke-koala.cow  staff_u:object_r:man_t:s0 /usr/share/man/man1/cowsay.1.bz2
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/mech-and-cow  staff_u:object_r:man_t:s0 /usr/share/man/man1/cowthink.1.bz2
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/meow.cow

A force relabel (like with "rlpkg -r cowsay") results in:

# ls -Z $(qlist cowsay)
system_u:object_r:bin_t:s0 /usr/bin/cowsay  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/milk.cow
system_u:object_r:bin_t:s0 /usr/bin/cowthink  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/moofasa.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/beavis.zen.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/moose.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bong.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/mutilated.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bud-frogs.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/ren.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/bunny.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/satanic.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/cheese.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/sheep.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/cower.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/skeleton.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/daemon.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/small.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/default.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/sodomized.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/dragon-and-cow.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/stegosaurus.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/dragon.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/stimpy.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/elephant.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/supermilker.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/elephant-in-snake.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/surgery.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/eyes.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/telebears.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/flaming-sheep.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/three-eyes.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/ghostbusters.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/turkey.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/head-in.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/turtle.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/hellokitty.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/tux.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kiss.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/udder.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kitty.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/vader.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/koala.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/vader-koala.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/kosh.cow  system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/www.cow
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/luke-koala.cow  system_u:object_r:man_t:s0 /usr/share/man/man1/cowsay.1.bz2
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/mech-and-cow  system_u:object_r:man_t:s0 /usr/share/man/man1/cowthink.1.bz2
system_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/meow.cow

It is probably just a simple fix. The problem with wrong SELinux user is that, on systems with USE="ubac" set, other SELinux users might not be able to access these resources at all.

Reproducible: Always
Created attachment 390126
Force SELinux user during relabel

Small fix to misc-functions.sh to use the "-F" option. Tested locally again and the files are now installed with the right, complete context.

Can be fixed manually on systems as well (as workaround) by editing /usr/lib/portage/bin/misc-functions.sh (around line 1131).
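An audit for the mislabelling described in this report, as an added example that is not part of the bug thread or of Portage: it reads `ls -Z` style entries and lists every file whose SELinux user is not the expected one. The names `audit_selinux_user`, `sample_listing` and `EXPECTED_USER` are hypothetical, and the sample input is constructed from four entries of the first listing plus one made-up unlabeled file.

```shell
#!/bin/sh
# Added example: list files whose SELinux user is not the expected one.
# Input on stdin: one "context path" entry per line, which is what
# `ls -Z` prints when its output is piped.

# Assumption: system_u is the owner wanted for package-installed files.
EXPECTED_USER="${EXPECTED_USER:-system_u}"

# Print "<found_user><TAB><path>" for every entry that needs relabelling.
audit_selinux_user() {
    awk -v want="$EXPECTED_USER" '
        NF < 2 { next }                      # blank line or no path
        {
            n = split($1, ctx, ":")          # user:role:type[:range]
            user = (n >= 3) ? ctx[1] : "unlabeled"
            if (user == want) next
            path = $0                        # keep spaces inside the path
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
            printf "%s\t%s\n", user, path
        }'
}

# Constructed sample: four entries copied from the first listing in the
# report, plus one made-up unlabeled file with a space in its name.
sample_listing() {
    cat <<'EOF'
system_u:object_r:bin_t:s0 /usr/bin/cowsay
staff_u:object_r:bin_t:s0 /usr/bin/cowthink
staff_u:object_r:usr_t:s0 /usr/share/cowsay-3.03/cows/milk.cow
staff_u:object_r:man_t:s0 /usr/share/man/man1/cowsay.1.bz2
? /usr/share/cowsay-3.03/cows/constructed name.cow
EOF
}

# Demo run on the constructed sample.
sample_listing | audit_selinux_user
```

On a live system the same function can be fed with `ls -Z $(qlist cowsay) | audit_selinux_user`; an empty result means every file already carries the expected SELinux user.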
I've posted your patch for review here: http://thread.gmane.org/gmane.linux.gentoo.portage.devel/4838
This is in the master branch now: https://github.com/gentoo/portage/commit/bcac54411c462aa59fe874325e4843f61dc71312
Released in portage-2.2.14.