https://nixos.org/ The NixOS distribution of Linux is based on having hashes of packages in the path names. /nix/store/l2b7y9waqwp4i1f03899yfsmzk8i7rid-shadow-4.5/bin/usermod /nix/store/l2b7y9waqwp4i1f03899yfsmzk8i7rid-shadow-4.5/bin/vipw /nix/store/lvrxkcf4b398nyiayknsqr44p8pl51s9-drbd-8.4.4/bin/drbdadm /nix/store/lvrxkcf4b398nyiayknsqr44p8pl51s9-drbd-8.4.4/bin/drbdsetup /nix/store/mzxhj1cxrhbqvsga4155xhw44iigwxxs-shadow-4.5-su/bin/su /nix/store/n3d4l234fppvz40jjyqlxa1jxglzbs48-xen-4.8.2/bin/xenconsoled /nix/store/n3d4l234fppvz40jjyqlxa1jxglzbs48-xen-4.8.2/bin/xenstored /nix/store/n3d4l234fppvz40jjyqlxa1jxglzbs48-xen-4.8.2/bin/xl /nix/store/n419slr5x6h4ydk2dd56nkwki7qpkf6v-fuse-2.9.7/bin/fusermount /nix/store/n419slr5x6h4ydk2dd56nkwki7qpkf6v-fuse-2.9.7/bin/mount.fuse /nix/store/pc4j7b2bvac49qmjllhw9rk0fnbr86fs-libvirt-3.10.0/bin/libvirtd /nix/store/pc4j7b2bvac49qmjllhw9rk0fnbr86fs-libvirt-3.10.0/bin/virsh /nix/store/pc4j7b2bvac49qmjllhw9rk0fnbr86fs-libvirt-3.10.0/bin/virtlockd /nix/store/pc4j7b2bvac49qmjllhw9rk0fnbr86fs-libvirt-3.10.0/bin/virtlogd /nix/store/pr94n9l1kvpiqilhjr308xbr8qmzilih-extra-utils/bin/blkid /nix/store/pr94n9l1kvpiqilhjr308xbr8qmzilih-extra-utils/bin/dmsetup /nix/store/pr94n9l1kvpiqilhjr308xbr8qmzilih-extra-utils/bin/e2fsck Above is a random sample of binaries that need labelling on a NixOS system. Before anyone asks, the naming of such paths is core to the way NixOS works, requesting a change in that regard is not viable. NixOS can run as a full OS (managing grub etc) or it can run on a system running a regular Linux distribution. Running as a full OS or as a labelled chroot are the use cases that interest me. semanage fcontext -a -e / "/nix/store/*" setfiles -r /chroot/nix /etc/selinux/default/contexts/files/file_contexts \ /chroot/nix/store -v I've written a patch to support commands like the above to label a Nix store (the above is a chroot example but the next step is to get full SE Linux support in NixOS). I've attached the patch. I don't expect this version to be accepted upstream as-is. But it's a place to start the discussion about how to approach this problem. Russell Coker PS Please use my personal address russell@coker.com.au for SE Linux discussions unrelated to NixOS.