pycontribs / selinux

Pure-python selinux shim module for use in virtualenvs
MIT License

Can't find selinux bindings for Python3.6 on CentOS 7 #22

Closed onelapahead closed 5 years ago

onelapahead commented 5 years ago

Hey thanks for the shim, it worked great with Python 2.7 on centos 7 and not requiring site packages in my venv.

However, I was hoping to use Python 3.6 instead, but when Ansible (2.8.1) used my venv it couldn't find the bindings:

Traceback (most recent call last):
  File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 114, in <module>
    _ansiballz_main()
  File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 106, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 45, in invoke_module
    from ansible.module_utils import basic
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 656, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 626, in _load_backward_compatible
  File "/tmp/ansible_file_payload_pvahd0cu/ansible_file_payload.zip/ansible/module_utils/basic.py", line 74, in <module>
  File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 91, in <module>
    check_system_sitepackages()
  File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 89, in check_system_sitepackages
    system_sitepackages)
Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.6/site-packages', '/usr/local/lib/python3.6/site-packages', '/usr/lib64/python3.6/site-packages', '/usr/lib/python3.6/site-packages']

Not surprising since from what I understand it's because libselinux-python only provides bindings for Python 2. Based on your comment it sounded like I couldn't simply yum install the bindings, nor could I find a package to do so.

I tried building them from scratch based on what was described here for Fedora but after installing a few additional yum packages:

flex
pcre-devel
bzip2
bzip2-devel

I couldn't get past the error below even though audit-libs was installed:

seusers_local.c:11:22: fatal error: libaudit.h: No such file or directory
 #include <libaudit.h>
                      ^
compilation terminated.

I noticed in your docs that you've only tested Python 3 on Fedora but not CentOS... is this why? Do you have an idea of when these bindings might make their way into a yum package?

Thanks for the help!

ssbarnea commented 5 years ago

There is no rpm with libselinux for python36 on centos and I do not have plans to attempt to build it myself.

I know this is bad and usually translates to "use fedora28+, rhel8 or wait for centos8". The python3 support in CentOS7 is barely unusable due to the lack of selinux support and AFAIK there are no plans to fix it. You may make a few people happy if you manage to publish a RPM for it.

ssbarnea commented 5 years ago

This will be fixed soon as the missing libselinux-python3 rpm will be added. See

PhilipSchmid commented 4 years ago

Installing libselinux-python3 helped on CentOS 7, thanks for the hint!

Regards, Philip

lamebread commented 1 year ago

I don't understand what's wrong on my server.

python3-libselinux is installed.

$ yum list --installed | grep python3-libselinux
python3-libselinux.x86_64            2.9-5.el8                              @anaconda

But python3 does not seem to agree...

Python 3.9.7 (default, May 10 2022, 23:45:56)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-10)] on linux
>>> import selinux
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python3.9/site-packages/selinux/__init__.py", line 104, in <module>
    check_system_sitepackages()
  File "/home/user/.local/lib/python3.9/site-packages/selinux/__init__.py", line 100, in check_system_sitepackages
    raise Exception(
Exception: **Failed to detect selinux python bindings** at ['/usr/local/lib64/python3.9/site-packages', '/usr/local/lib/python3.9/site-packages', '/usr/lib64/python3.9/site-packages', '/usr/lib/python3.9/site-packages']

I don't use virtualenvs, btw.

ssbarnea commented 1 year ago

Sorry but anaconda python is for sure not installed in the same location as system python. That use case is not supported.
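
A diagnostic for the failure in the tracebacks above, added here as an example and not part of the pycontribs/selinux code: the exception lists only directories for the running interpreter's own `pythonX.Y`, so this reports whether compiled bindings exist under the same prefixes for a different Python version. It assumes the bindings are a `selinux` package with a `_selinux*.so` extension inside it or beside it; the function names and the `root` parameter are hypothetical.

```python
import glob
import os
import sys

# Prefixes copied from the directory lists in the exception messages above.
PREFIXES = ("/usr/local/lib64", "/usr/local/lib", "/usr/lib64", "/usr/lib")


def has_bindings(site_dir):
    """True if site_dir holds a selinux package plus a compiled extension.

    Assumption: the extension is named _selinux*.so and sits inside the
    package directory or next to it.
    """
    pkg = os.path.isfile(os.path.join(site_dir, "selinux", "__init__.py"))
    ext = (glob.glob(os.path.join(site_dir, "selinux", "_selinux*.so"))
           or glob.glob(os.path.join(site_dir, "_selinux*.so")))
    return pkg and bool(ext)


def find_bindings(root="/"):
    """Map each 'X.Y' version found under PREFIXES to the dirs with bindings."""
    found = {}
    for prefix in PREFIXES:
        pattern = os.path.join(root, prefix.lstrip("/"), "python[0-9]*")
        for pydir in sorted(glob.glob(pattern)):
            version = os.path.basename(pydir)[len("python"):]
            site_dir = os.path.join(pydir, "site-packages")
            if has_bindings(site_dir):
                found.setdefault(version, []).append(site_dir)
    return found


def diagnose(version=None, root="/"):
    """Classify the running (or given) 'X.Y' version as ok, mismatch or missing."""
    version = version or "%d.%d" % sys.version_info[:2]
    found = find_bindings(root)
    if version in found:
        return "ok: bindings for python%s at %s" % (version, found[version][0])
    if found:
        return ("mismatch: running python%s, bindings built only for python %s"
                % (version, ", ".join(sorted(found))))
    return "missing: no compiled selinux bindings under %s" % ", ".join(PREFIXES)


if __name__ == "__main__":
    print("interpreter:", sys.executable)
    print(diagnose())
```

Run it with the same interpreter that raises the exception, since the result depends on that interpreter's version.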