http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2012-March/009205.html

https://bugs.gentoo.org/406819

--- shadow-4.1.5/lib/commonio.c
+++ shadow-4.1.5/lib/commonio.c
@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db *
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);
 
+#ifdef WITH_SELINUX
+	if (set_selinux_file_context (buf) != 0) {
+		errors++;
+	}
+#endif
+
 	db->fp = fopen_set_perms (buf, "w", &sb);
 	if (NULL == db->fp) {
 		goto fail;
@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db *
 		goto fail;
 	}
 
+#ifdef WITH_SELINUX
+	if (reset_selinux_file_context () != 0) {
+		goto fail;
+	}
+#endif
+
 	nscd_need_reload = true;
 	goto success;
       fail: