Summary
I tried to run the following command:
- local_action: copy content={{ test.stdout_lines }} dest=/home/user/ansible/ansible/files/ttt.{{inventory_hostname}}.txt
ansible shows error on «msg»: «Aborting, target uses selinux but python bindings (libselinux-python) aren’t installed!»
Then I decided to install selinux using pip, and when I ran the playbook again it shows the below:
ERROR! Unexpected Exception, this is probably a bug: Failed to detect selinux python bindings at ['/usr/local/lib/python3.8/site-packages']
the full traceback was:
Traceback (most recent call last):
File "/home/user1/ansible/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/home/user1/ansible/lib/python3.8/site-packages/ansible/cli/__init__.py", line 24, in <module>
from ansible.parsing.dataloader import DataLoader
File "/home/user1/ansible/lib/python3.8/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/home/user1/ansible/lib/python3.8/site-packages/ansible/module_utils/basic.py", line 77, in <module>
import selinux
File "/home/user1/ansible/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module>
check_system_sitepackages()
File "/home/user1/ansible/lib/python3.8/site-packages/selinux/__init__.py", line 100, in check_system_sitepackages
raise Exception(
Exception: Failed to detect selinux python bindings at ['/usr/local/lib/python3.8/site-packages']
(ansible) [user1@ztp ansible]$
Issue Type
Bug Report
Component Name
pip
Ansible Version
$ ansible --version 2.10.5 Running ansible --version output the same error above, it doesn't show the normal output.
Configuration
$ ansible-config dump --only-changed It doesn't work at all, the error appears and the dump doesn't shows.
OS / Environment
CentOS 7
Steps to Reproduce
tasks: - name: run command junipernetworks.junos.junos_command: commands: - show interfaces terse register: test - local_action: copy content={{ test.stdout_lines }} dest=/home/user/ansible/ansible/files/ttt.{{inventory_hostname}}.txt
Expected Results
The register value test copied to the destination.
Actual Results
ERROR! Unexpected Exception, this is probably a bug: Failed to detect selinux python bindings at ['/usr/local/lib/python3.8/site-packages'] the full traceback was: Traceback (most recent call last): File "/home/user1/ansible/bin/ansible-playbook", line 92, in <module> mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass) File "/home/user1/ansible/lib/python3.8/site-packages/ansible/cli/__init__.py", line 24, in <module> from ansible.parsing.dataloader import DataLoader File "/home/user1/ansible/lib/python3.8/site-packages/ansible/parsing/dataloader.py", line 17, in <module> from ansible.module_utils.basic import is_executable File "/home/user1/ansible/lib/python3.8/site-packages/ansible/module_utils/basic.py", line 77, in <module> import selinux File "/home/user1/ansible/lib/python3.8/site-packages/selinux/__init__.py", line 104, in <module> check_system_sitepackages() File "/home/user1/ansible/lib/python3.8/site-packages/selinux/__init__.py", line 100, in check_system_sitepackages raise Exception( Exception: Failed to detect selinux python bindings at ['/usr/local/lib/python3.8/site-packages'] (ansible) [user1@ztp ansible]$
Code of Conduct
- I agree to follow the Ansible Code of Conduct
Hey thanks for the shim, it worked great with Python 2.7 on centos 7 and not requiring site packages in my venv.
However, I was hoping to use Python 3.6 instead, but when Ansible (2.8.1) used my venv it couldn’t find the bindings:
Traceback (most recent call last):
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 114, in <module>
_ansiballz_main()
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 106, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 45, in invoke_module
from ansible.module_utils import basic
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 656, in _load_unlocked
File "<frozen importlib._bootstrap>", line 626, in _load_backward_compatible
File "/tmp/ansible_file_payload_pvahd0cu/ansible_file_payload.zip/ansible/module_utils/basic.py", line 74, in <module>
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 91, in <module>
check_system_sitepackages()
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 89, in check_system_sitepackages
system_sitepackages)
Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.6/site-packages', '/usr/local/lib/python3.6/site-packages', '/usr/lib64/python3.6/site-packages', '/usr/lib/python3.6/site-packages']
Not surprising since from what I understand its because libselinux-python only provides bindings for Python 2. Based on your comment it sounded like I couldn’t simply yum install the bindings, nor could I find a package to do so.
I tried building them from scratch based on what was described here for Fedora but after installing a few additional yum packages:
flex
pcre-devel
bzip2
bzip2-devel
I couldn’t get past the error below even though audit-libs was installed:
seusers_local.c:11:22: fatal error: libaudit.h: No such file or directory
#include <libaudit.h>
^
compilation terminated.
I noticed in your docs that you’ve only tested Python 3 on Fedora but not CentOS… is this why? Do you have an idea of when these bindings might make their way into a yum package?
Thanks for the help!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
pycontribs / selinux
Goto Github
PK
View Code? Open in Web Editor
NEW
5.0
18.0
90 KB
Pure-python selinux shim module for use in virtualenvs
License: MIT License
Shell 7.86%
Jinja 14.50%
python
selinux’s People
selinux’s Issues
Doesn’t work properly when Python is installed from source
This issue is related to #19.
Traceback (most recent call last):
File "/usr/local/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/local/lib/python3.7/site-packages/ansible/cli/__init__.py", line 25, in <module>
from ansible.parsing.dataloader import DataLoader
File "/usr/local/lib/python3.7/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/usr/local/lib/python3.7/site-packages/ansible/module_utils/basic.py", line 74, in <module>
import selinux
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 104, in <module>
check_system_sitepackages()
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 93, in check_system_sitepackages
system_sitepackages = get_system_sitepackages()
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 83, in get_system_sitepackages
"import json, site; print(json.dumps(site.getsitepackages()))",
File "/usr/local/lib/python3.7/subprocess.py", line 411, in check_output
**kwargs).stdout
File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
restore_signals, start_new_session)
File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
$ which python3
/usr/local/bin/python3
$ python3
Python 3.7.5 (default, Nov 5 2019, 12:24:42)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.executable
'/usr/local/bin/python3'
Is setuptools really required during runtime?
is_selinux_enabled() always returns false
selinux shim does not seem to work with Fedora 29
These commands work outside a virtualenv (created with tox)
python3 -c "import selinux; print(selinux.is_selinux_enabled())"
python -c "import selinux; print(selinux.is_selinux_enabled())"
but they do not work inside with the selinux shim installed.
python -c "import selinux; print(selinux.is_selinux_enabled())"
Traceback (most recent call last):
File "<string>", line 1, in <module>
AttributeError: module 'selinux' has no attribute 'is_selinux_enabled'
Is there something special that needs to be done to get this working? I would like to run molecule inside a tox virtualenv but am hitting ansible-community/molecule#1724
selinux package does not support python < 2.7
I know that this is a corner case but in CentOS 6.10 (still supported till the end of this year or even longer with extended support) python is below 2.7 which means that site.getsitepackages() will not work:
>>> import site
>>> site.getsitepackages()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'getsitepackages'
support for python 3.7/3.8 dropped
Hi there,
I noticed that support for python 3.7/3.8 were dropped, however they are both still supported versions of python, according to https://devguide.python.org/versions/.
3.7 becomes EOL on 2023-06-27, which is ~7 months away.
3.8 becomes EOL on 2024-10, which is ~22 months away.
Any chance we can revert dropping support of python 3.7/3.8 until they are actually unsupported by the python project?
Return to system_python = sys.executable for virtualenv support
I want to revisit this issue, can we return to "system_python = sys.executable" We failed to run selinux package inside the virtualenv
Originally posted by @reihl in #17 (comment)
Can we change this to /usr/libexec/platform-python ?
| system_python = «/usr/bin/python%s» % platform.python_version_tuple()[0] |
this should work a long time ago with platform-python: https://fedoraproject.org/wiki/Changes/Platform_Python_Stack
problem:
if i use a venv which is using a newer python this implementation will raise an error, because this selinux should only find the platform-python bindings and not from a newer python3.8+ on many RedHat Family systems.
/usr/bin/python3 not found when using pyenv
[bean @ p-msfc-enms-cm ../run/ansible-playbook] [master] $ ansible-playbook --limit=p-msfc-ils-logagg3.cso.nasa.gov playbooks/openscap.yml
ERROR! Unexpected Exception, this is probably a bug: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
the full traceback was:
Traceback (most recent call last):
File "/home/bean/.pyenv/versions/venv-3.6.9/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/cli/__init__.py", line 25, in <module>
from ansible.parsing.dataloader import DataLoader
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/module_utils/basic.py", line 74, in <module>
import selinux
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 104, in <module>
check_system_sitepackages()
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 93, in check_system_sitepackages
system_sitepackages = get_system_sitepackages()
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 83, in get_system_sitepackages
"import json, site; print(json.dumps(site.getsitepackages()))",
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 356, in check_output
**kwargs).stdout
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 423, in run
with Popen(*popenargs, **kwargs) as process:
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 729, in __init__
restore_signals, start_new_session)
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 1364, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
I’m using pyenv. I did try to edit it to change the system python to /usr/bin/python, I got no errors but it just failed to work.
My python is: ~/.pyenv/versions/venv-3.6.9/bin/python3 version 3.6.9
I have selinux loaded in my virtual env:
[bean @ p-msfc-enms-cm ../versions/venv-3.6.9/bin] [master] $ pip list | grep selinux
selinux 0.2.1
Can’t find selinux bindings for Python3.6 on CentOS 7
Hey thanks for the shim, it worked great with Python 2.7 on centos 7 and not requiring site packages in my venv.
However, I was hoping to use Python 3.6 instead, but when Ansible (2.8.1) used my venv it couldn’t find the bindings:
Traceback (most recent call last):
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 114, in <module>
_ansiballz_main()
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 106, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 45, in invoke_module
from ansible.module_utils import basic
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 656, in _load_unlocked
File "<frozen importlib._bootstrap>", line 626, in _load_backward_compatible
File "/tmp/ansible_file_payload_pvahd0cu/ansible_file_payload.zip/ansible/module_utils/basic.py", line 74, in <module>
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 91, in <module>
check_system_sitepackages()
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 89, in check_system_sitepackages
system_sitepackages)
Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.6/site-packages', '/usr/local/lib/python3.6/site-packages', '/usr/lib64/python3.6/site-packages', '/usr/lib/python3.6/site-packages']
Not surprising since from what I understand its because libselinux-python only provides bindings for Python 2. Based on your comment it sounded like I couldn’t simply yum install the bindings, nor could I find a package to do so.
I tried building them from scratch based on what was described here for Fedora but after installing a few additional yum packages:
flex
pcre-devel
bzip2
bzip2-devel
I couldn’t get past the error below even though audit-libs was installed:
seusers_local.c:11:22: fatal error: libaudit.h: No such file or directory
#include <libaudit.h>
^
compilation terminated.
I noticed in your docs that you’ve only tested Python 3 on Fedora but not CentOS… is this why? Do you have an idea of when these bindings might make their way into a yum package?
Thanks for the help!
0.1.5 release was broken: deleted from PYPA
As last night release proved to break jobs, I removed it from PYPI and we will need to make a new one once we fix the breaking change that caused it.
Example: http://logs.rdoproject.org/19/21319/1/check/tox-py27/37a6c77/tox/reports.html
check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1 ----------------------------- Captured stderr call -----------------------------
Traceback (most recent call last):
File "<string>", line 1, in <module> AttributeError: 'module' object has no attribute 'getsitepackages' ERROR! Unexpected Exception, this is probably a bug:
Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1 ERROR: Traceback (most recent call last):
File "<string>", line 1, in <module> AttributeError: 'module' object has no attribute 'getsitepackages'
ERROR! Unexpected Exception, this is probably a bug:
Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1
Same package name as official selinux python bindings
Hello,
it seems that this python module installs a selinux module just as the official selinux python bindings, causing package conflicts when using programs which depend on either one of the two.
Can something be done about this?
EDIT: I see from the README one has to install official bindings, so I am wondering, how could that be if this package overwrites them? More in general we have doubts about how this module works.
AttributeError: ‘SpecifierSet’ object has no attribute ‘split’
Obtaining file:///Users/ssbarnea/rdo/selinux
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing wheel metadata: started
Preparing wheel metadata: finished with status 'error'
ERROR: Command errored out with exit status 1:
command: /Users/ssbarnea/rdo/selinux/.tox/lint/bin/python /Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/tmp7_8tsz33
cwd: /Users/ssbarnea/rdo/selinux
Complete output (28 lines):
Traceback (most recent call last):
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 207, in <module>
main()
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 197, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 69, in prepare_metadata_for_build_wheel
return hook(metadata_directory, config_settings)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 156, in prepare_metadata_for_build_wheel
self.run_setup()
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 142, in run_setup
exec(compile(code, __file__, 'exec'), locals())
File "setup.py", line 335, in <module>
__name__ == "__main__" and setuptools.setup(**setup_params)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/__init__.py", line 145, in setup
return distutils.core.setup(**attrs)
File "/Users/ssbarnea/.pyenv/versions/3.7.4/lib/python3.7/distutils/core.py", line 108, in setup
_setup_distribution = dist = klass(attrs)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 447, in __init__
k: v for k, v in attrs.items()
File "/Users/ssbarnea/.pyenv/versions/3.7.4/lib/python3.7/distutils/dist.py", line 292, in __init__
self.finalize_options()
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 735, in finalize_options
ep.load()(self, ep.name, value)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 291, in check_specifier
packaging.specifiers.SpecifierSet(value)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/_vendor/packaging/specifiers.py", line 594, in __init__
specifiers = [s.strip() for s in specifiers.split(",") if s.strip()]
AttributeError: 'SpecifierSet' object has no attribute 'split'
----------------------------------------
ERROR: Command errored out with exit status 1: /Users/ssbarnea/rdo/selinux/.tox/lint/bin/python /Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/tmp7_8tsz33 Check the logs for full command output.
Apparently this error is caused by the dirty magic we curently have in setup.py
Support cleanly catching the missing ‘real’ bindings.
If the shim’s been installed, but the system library is missing, then check_system_sitepackages currently raises Exception.
Since check_system_sitepackages() will only be called as a result of import selinux it would make more sense for this to raise an ImportError rather than the more generic Exception.
This can currently cause problems with things like a Python 3.9 virtual environment on RHEL8 where only the 3.6 bindings are shipped. If something pulls selinux into the venv as a dependency suddenly the usual practice of using except ImportError to catch the missing bindings won’t work.
enable travis integration
Recommend Projects
-
ReactA declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
TypescriptTypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlowAn Open Source Machine Learning Framework for Everyone
-
DjangoThe Web framework for perfectionists with deadlines.
-
LaravelA PHP framework for web artisans
-
D3Bring data to life with SVG, Canvas and HTML. 📊📈🎉
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
FacebookWe are working to build community through open source technology. NB: members must have two-factor auth.
-
MicrosoftOpen source projects and samples from Microsoft.
-
GoogleGoogle ❤️ Open Source for everyone.
-
AlibabaAlibaba Open Source for everyone
-
D3Data-Driven Documents codes.
-
TencentChina tencent open source team.
Hi there,
I noticed that support for python 3.7/3.8 were dropped, however they are both still supported versions of python, according to https://devguide.python.org/versions/.
3.7 becomes EOL on 2023-06-27, which is ~7 months away.
3.8 becomes EOL on 2024-10, which is ~22 months away.
Any chance we can revert dropping support of python 3.7/3.8 until they are actually unsupported by the python project?
If the shim’s been installed, but the system library is missing, then check_system_sitepackages currently raises Exception.
Since check_system_sitepackages() will only be called as a result of import selinux it would make more sense for this to raise an ImportError rather than the more generic Exception.
This can currently cause problems with things like a Python 3.9 virtual environment on RHEL8 where only the 3.6 bindings are shipped. If something pulls selinux into the venv as a dependency suddenly the usual practice of using except ImportError to catch the missing bindings won’t work.
| system_python = «/usr/bin/python%s» % platform.python_version_tuple()[0] |
this should work a long time ago with platform-python: https://fedoraproject.org/wiki/Changes/Platform_Python_Stack
problem:
if i use a venv which is using a newer python this implementation will raise an error, because this selinux should only find the platform-python bindings and not from a newer python3.8+ on many RedHat Family systems.
I want to revisit this issue, can we return to "system_python = sys.executable" We failed to run selinux package inside the virtualenv
Originally posted by @reihl in #17 (comment)
As last night release proved to break jobs, I removed it from PYPI and we will need to make a new one once we fix the breaking change that caused it.
Example: http://logs.rdoproject.org/19/21319/1/check/tox-py27/37a6c77/tox/reports.html
check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1 ----------------------------- Captured stderr call -----------------------------
Traceback (most recent call last):
File "<string>", line 1, in <module> AttributeError: 'module' object has no attribute 'getsitepackages' ERROR! Unexpected Exception, this is probably a bug:
Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1 ERROR: Traceback (most recent call last):
File "<string>", line 1, in <module> AttributeError: 'module' object has no attribute 'getsitepackages'
ERROR! Unexpected Exception, this is probably a bug:
Command '['/home/zuul/src/review.rdoproject.org/rdo-infra/ci-config/.tox/py27/bin/python', '-c', 'import json, site; print(json.dumps(site.getsitepackages()))']' returned non-zero exit status 1
Hello,
it seems that this python module installs a selinux module just as the official selinux python bindings, causing package conflicts when using programs which depend on either one of the two.
Can something be done about this?
EDIT: I see from the README one has to install official bindings, so I am wondering, how could that be if this package overwrites them? More in general we have doubts about how this module works.
Hey thanks for the shim, it worked great with Python 2.7 on centos 7 and not requiring site packages in my venv.
However, I was hoping to use Python 3.6 instead, but when Ansible (2.8.1) used my venv it couldn’t find the bindings:
Traceback (most recent call last):
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 114, in <module>
_ansiballz_main()
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 106, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/centos/.ansible/tmp/ansible-tmp-1562860492.44-119184692614089/AnsiballZ_file.py", line 45, in invoke_module
from ansible.module_utils import basic
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 656, in _load_unlocked
File "<frozen importlib._bootstrap>", line 626, in _load_backward_compatible
File "/tmp/ansible_file_payload_pvahd0cu/ansible_file_payload.zip/ansible/module_utils/basic.py", line 74, in <module>
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 91, in <module>
check_system_sitepackages()
File "/usr/local/venv/lib/python3.6/site-packages/selinux/__init__.py", line 89, in check_system_sitepackages
system_sitepackages)
Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.6/site-packages', '/usr/local/lib/python3.6/site-packages', '/usr/lib64/python3.6/site-packages', '/usr/lib/python3.6/site-packages']
Not surprising since from what I understand its because libselinux-python only provides bindings for Python 2. Based on your comment it sounded like I couldn’t simply yum install the bindings, nor could I find a package to do so.
I tried building them from scratch based on what was described here for Fedora but after installing a few additional yum packages:
flex
pcre-devel
bzip2
bzip2-devel
I couldn’t get past the error below even though audit-libs was installed:
seusers_local.c:11:22: fatal error: libaudit.h: No such file or directory
#include <libaudit.h>
^
compilation terminated.
I noticed in your docs that you’ve only tested Python 3 on Fedora but not CentOS… is this why? Do you have an idea of when these bindings might make their way into a yum package?
Thanks for the help!
This issue is related to #19.
Traceback (most recent call last):
File "/usr/local/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/usr/local/lib/python3.7/site-packages/ansible/cli/__init__.py", line 25, in <module>
from ansible.parsing.dataloader import DataLoader
File "/usr/local/lib/python3.7/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/usr/local/lib/python3.7/site-packages/ansible/module_utils/basic.py", line 74, in <module>
import selinux
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 104, in <module>
check_system_sitepackages()
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 93, in check_system_sitepackages
system_sitepackages = get_system_sitepackages()
File "/usr/local/lib/python3.7/site-packages/selinux/__init__.py", line 83, in get_system_sitepackages
"import json, site; print(json.dumps(site.getsitepackages()))",
File "/usr/local/lib/python3.7/subprocess.py", line 411, in check_output
**kwargs).stdout
File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
restore_signals, start_new_session)
File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
$ which python3
/usr/local/bin/python3
$ python3
Python 3.7.5 (default, Nov 5 2019, 12:24:42)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.executable
'/usr/local/bin/python3'
[bean @ p-msfc-enms-cm ../run/ansible-playbook] [master] $ ansible-playbook --limit=p-msfc-ils-logagg3.cso.nasa.gov playbooks/openscap.yml
ERROR! Unexpected Exception, this is probably a bug: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
the full traceback was:
Traceback (most recent call last):
File "/home/bean/.pyenv/versions/venv-3.6.9/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/cli/__init__.py", line 25, in <module>
from ansible.parsing.dataloader import DataLoader
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/ansible/module_utils/basic.py", line 74, in <module>
import selinux
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 104, in <module>
check_system_sitepackages()
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 93, in check_system_sitepackages
system_sitepackages = get_system_sitepackages()
File "/home/bean/.pyenv/versions/3.6.9/envs/venv-3.6.9/lib/python3.6/site-packages/selinux/__init__.py", line 83, in get_system_sitepackages
"import json, site; print(json.dumps(site.getsitepackages()))",
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 356, in check_output
**kwargs).stdout
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 423, in run
with Popen(*popenargs, **kwargs) as process:
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 729, in __init__
restore_signals, start_new_session)
File "/home/bean/.pyenv/versions/3.6.9/lib/python3.6/subprocess.py", line 1364, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python3': '/usr/bin/python3'
I’m using pyenv. I did try to edit it to change the system python to /usr/bin/python, I got no errors but it just failed to work.
My python is: ~/.pyenv/versions/venv-3.6.9/bin/python3 version 3.6.9
I have selinux loaded in my virtual env:
[bean @ p-msfc-enms-cm ../versions/venv-3.6.9/bin] [master] $ pip list | grep selinux
selinux 0.2.1
I know that this is a corner case but in CentOS 6.10 (still supported till the end of this year or even longer with extended support) python is below 2.7 which means that site.getsitepackages() will not work:
>>> import site
>>> site.getsitepackages()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'getsitepackages'
Obtaining file:///Users/ssbarnea/rdo/selinux
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing wheel metadata: started
Preparing wheel metadata: finished with status 'error'
ERROR: Command errored out with exit status 1:
command: /Users/ssbarnea/rdo/selinux/.tox/lint/bin/python /Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/tmp7_8tsz33
cwd: /Users/ssbarnea/rdo/selinux
Complete output (28 lines):
Traceback (most recent call last):
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 207, in <module>
main()
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 197, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 69, in prepare_metadata_for_build_wheel
return hook(metadata_directory, config_settings)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 156, in prepare_metadata_for_build_wheel
self.run_setup()
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/build_meta.py", line 142, in run_setup
exec(compile(code, __file__, 'exec'), locals())
File "setup.py", line 335, in <module>
__name__ == "__main__" and setuptools.setup(**setup_params)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/__init__.py", line 145, in setup
return distutils.core.setup(**attrs)
File "/Users/ssbarnea/.pyenv/versions/3.7.4/lib/python3.7/distutils/core.py", line 108, in setup
_setup_distribution = dist = klass(attrs)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 447, in __init__
k: v for k, v in attrs.items()
File "/Users/ssbarnea/.pyenv/versions/3.7.4/lib/python3.7/distutils/dist.py", line 292, in __init__
self.finalize_options()
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 735, in finalize_options
ep.load()(self, ep.name, value)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/dist.py", line 291, in check_specifier
packaging.specifiers.SpecifierSet(value)
File "/private/var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/pip-build-env-xq43woqy/overlay/lib/python3.7/site-packages/setuptools/_vendor/packaging/specifiers.py", line 594, in __init__
specifiers = [s.strip() for s in specifiers.split(",") if s.strip()]
AttributeError: 'SpecifierSet' object has no attribute 'split'
----------------------------------------
ERROR: Command errored out with exit status 1: /Users/ssbarnea/rdo/selinux/.tox/lint/bin/python /Users/ssbarnea/rdo/selinux/.tox/lint/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /var/folders/3q/pc1jcyjj3qqbj6_x7n4kbtqw0000gn/T/tmp7_8tsz33 Check the logs for full command output.
Apparently this error is caused by the dirty magic we curently have in setup.py
These commands work outside a virtualenv (created with tox)
python3 -c "import selinux; print(selinux.is_selinux_enabled())"
python -c "import selinux; print(selinux.is_selinux_enabled())"
but they do not work inside with the selinux shim installed.
python -c "import selinux; print(selinux.is_selinux_enabled())"
Traceback (most recent call last):
File "<string>", line 1, in <module>
AttributeError: module 'selinux' has no attribute 'is_selinux_enabled'
Is there something special that needs to be done to get this working? I would like to run molecule inside a tox virtualenv but am hitting ansible-community/molecule#1724