glibc's Linux-specific implementation of get_nprocs (__get_nprocs in sysdeps/unix/sysv/linux/getsysstats.c) tries to read /sys/devices/system/cpu/online, which has a type of sysfs_t and is therefore not readable for many processes. As a fallback, it uses /proc/stat or /proc/cpuinfo, but they aren't accessible by everyone either.
A solution would be to flag /sys/devices/system/cpu/online as another type, e.g. "cpu_online_t", and allow everyone access to that. But this approach would require an init script for reflagging the file on each boot.
Indeed; this is also the approach that Fedora takes in this matter.
Is in the repository, will be in rev 13. Am contemplating where/how to push out the init script.
policycoreutils-2.1.13-r8 will provide a "selinux_gentoo" init script that includes a restorecon against the cpu/online file.
In main tree, ~arch'ed (20130424-r1 release)
Now stable in repo
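A diagnostic for the access problem discussed in this report, added here as an example and not taken from the thread, glibc or the Gentoo policy: it probes the three sources the report names, prints the error for each, and parses the CPU list from cpu/online when that file is readable. The helper names `count_cpu_list` and `read_first_line` are hypothetical, and the "0-3,5" list syntax is the usual sysfs CPU-list format.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper (not glibc's code): count CPUs in a list like "0-3,5\n"; -1 if malformed. */
int count_cpu_list(const char *s)
{
    int total = 0;
    while (*s && *s != '\n') {
        char *end;
        long lo = strtol(s, &end, 10), hi = lo;
        if (end == s || lo < 0)
            return -1;
        if (*end == '-') {              /* range "lo-hi" */
            s = end + 1;
            hi = strtol(s, &end, 10);
            if (end == s || hi < lo)
                return -1;
        }
        total += (int)(hi - lo + 1);
        if (*end != ',' && *end != '\n' && *end != '\0')
            return -1;
        s = (*end == ',') ? end + 1 : end;
    }
    return total > 0 ? total : -1;
}

/* Hypothetical helper: first line of path into buf; 0 on success, else errno (EACCES on a denial). */
int read_first_line(const char *path, char *buf, int n)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return errno;
    if (!fgets(buf, n, f))
        buf[0] = '\0';
    fclose(f);
    return 0;
}

int main(void)
{
    const char *src[] = { "/sys/devices/system/cpu/online", "/proc/stat", "/proc/cpuinfo" };
    char buf[256];
    for (size_t i = 0; i < 3; i++) {
        int e = read_first_line(src[i], buf, sizeof buf);
        printf("%-32s %s\n", src[i], e ? strerror(e) : "readable");
        if (i == 0 && e == 0)
            printf("  online CPUs: %d\n", count_cpu_list(buf));
    }
    return 0;
}
```

Run it in the confined domain being debugged (for example with runcon); "Permission denied" on all three lines is the situation the report describes.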