pycontribs / selinux

Pure-python selinux shim module for use in virtualenvs
MIT License

Change system_python variable to consider minor python version #56

Closed dmasteller4 closed 1 year ago

dmasteller4 commented 1 year ago

Similar to 'change to platform-python #48 #49', we were having an issue with python3-selinux binding looking in the wrong site packages directory when multiple versions of python are installed. This fix grabs more fields of platform.python_version_tuple(), ensuring it is getting the site packages from the python version that is actually running.

Ansible error encountered:

Note the discovered_interpreter_python is python3.8, but the selinux python bindings detection is being done under python3.7 (/usr/local/lib/python3.7/site-packages).

Using the commit from this PR fixed the problem for us.

fatal: [192.168.1.44]: FAILED! => changed=false 
  ansible_facts: {}
  failed_modules:
    ansible.legacy.setup:
      ansible_facts:
        discovered_interpreter_python: /usr/bin/python3.8
      exception: |-
        Traceback (most recent call last):
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 107, in <module>
            _ansiballz_main()
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 99, in _ansiballz_main
            invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 44, in invoke_module
            from ansible.module_utils import basic
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/basic.py", line 145, in <module>
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/common/process.py", line 9, in <module>
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/common/file.py", line 25, in <module>
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module>
            check_system_sitepackages()
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 95, in check_system_sitepackages
            success = add_location(candidate)
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 65, in add_location
            reload(sys.modules["selinux"])
          File "/usr/lib64/python3.8/importlib/__init__.py", line 169, in reload
            _bootstrap._exec(spec, module)
          File "/usr/local/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module>
            check_system_sitepackages()
          File "/usr/local/lib/python3.8/site-packages/selinux/__init__.py", line 100, in check_system_sitepackages
            raise Exception(
        Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.7/site-packages', '/usr/local/lib/python3.7/site-packages', '/usr/lib64/python3.7/site-packages', '/usr/lib/python3.7/site-packages']
      failed: true
      module_stderr: |-
        Shared connection to 10.1.1.95 closed.
      module_stdout: |-
        Traceback (most recent call last):
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 107, in <module>
            _ansiballz_main()
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 99, in _ansiballz_main
            invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
          File "/home/ec2-user/.ansible/tmp/ansible-tmp-1668811218.9790955-465955-71594733476064/AnsiballZ_setup.py", line 44, in invoke_module
            from ansible.module_utils import basic
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/basic.py", line 145, in <module>
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/common/process.py", line 9, in <module>
          File "<frozen importlib._bootstrap>", line 991, in _find_and_load
          File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
          File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
          File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
          File "<frozen zipimport>", line 259, in load_module
          File "/tmp/ansible_ansible.legacy.setup_payload_tnvn_qci/ansible_ansible.legacy.setup_payload.zip/ansible/module_utils/common/file.py", line 25, in <module>
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module>
            check_system_sitepackages()
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 95, in check_system_sitepackages
            success = add_location(candidate)
          File "/home/ec2-user/.local/lib/python3.8/site-packages/selinux/__init__.py", line 65, in add_location
            reload(sys.modules["selinux"])
          File "/usr/lib64/python3.8/importlib/__init__.py", line 169, in reload
            _bootstrap._exec(spec, module)
          File "/usr/local/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module>
            check_system_sitepackages()
          File "/usr/local/lib/python3.8/site-packages/selinux/__init__.py", line 100, in check_system_sitepackages
            raise Exception(
        Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.7/site-packages', '/usr/local/lib/python3.7/site-packages', '/usr/lib64/python3.7/site-packages', '/usr/lib/python3.7/site-packages']
      msg: |-
        MODULE FAILURE
        See stdout/stderr for the exact error
      rc: 1
  msg: |-
    The following modules failed to execute: ansible.legacy.setup

Fixes: #48 Fixes: #49
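A small diagnostic for the mismatch reported above, as an added example that is not part of the PR or the shim's own code: it builds the system interpreter path from the major version alone and from major.minor, and flags searched site-packages directories that belong to a different interpreter than the one running. The function names and the patch level in `RUNNING` are assumptions; the searched directories are copied from the traceback.

```python
import re

# Constructed from the traceback on this page: the interpreter Ansible
# discovered and the directories the shim reported searching.
RUNNING = ("3", "8", "0")  # patch level assumed; the page only shows 3.8
SEARCHED = [
    "/usr/local/lib64/python3.7/site-packages",
    "/usr/local/lib/python3.7/site-packages",
    "/usr/lib64/python3.7/site-packages",
    "/usr/lib/python3.7/site-packages",
]


def system_python(version_tuple, fields):
    """Build /usr/bin/pythonX[.Y] from the first `fields` version components."""
    return "/usr/bin/python" + ".".join(version_tuple[:fields])


def dir_version(path):
    """Return (major, minor) from a .../pythonX.Y/site-packages path, else None."""
    m = re.search(r"/python(\d+)\.(\d+)/site-packages$", path)
    return (m.group(1), m.group(2)) if m else None


def mismatched(version_tuple, candidates):
    """Candidates that are not the running interpreter's pythonX.Y directory
    (including paths that do not follow the pythonX.Y layout at all)."""
    want = tuple(version_tuple[:2])
    return [c for c in candidates if dir_version(c) != want]


if __name__ == "__main__":
    import platform

    # Major only: resolves to whichever python3 the system links by default.
    print(system_python(RUNNING, 1))
    # Major and minor: pinned to the interpreter that is actually running.
    print(system_python(RUNNING, 2))
    # Every directory from the traceback belongs to 3.7, not 3.8.
    for path in mismatched(RUNNING, SEARCHED):
        print("wrong interpreter:", path)
    # The same derivation for the interpreter executing this script.
    print(system_python(platform.python_version_tuple(), 2))
```

The derived path is only a string; on a host where that interpreter is not installed under /usr/bin (the situation the later comment describes), the lookup has nothing to run.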

ghost commented 1 year ago

This change has caused a lot of issues with Ansible on our systems. We can no longer run Ansible from a CentOS Stream 8 host unless we are installing Ansible in a venv created from the system Python (3.6). It would generally be fine for this to fail and not load the selinux bindings in our case because this is our Ansible controller, but since this package is hard-coded to look only at /usr/bin/python... 🤷‍♂️

The 0.3.0 release has major breaking changes in it but it is a minor release made during a holiday, on a weekend. Seems like a questionable choice.