Bug 26693 - selinux python3 module fails to load using appliance-tools
Summary: selinux python3 module fails to load using appliance-tools
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Neal Gompa
QA Contact:
URL: https://github.com/SELinuxProject/sel...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-27 17:43 CEST by Mark Verlinde
Modified: 2021-01-06 23:33 CET (History)
1 user (show)

See Also:
Source RPM: libselinux-2.5-10.mga7.src.rpm, appliance-tools-009.0-6.mga7.src.rpm, selinux-policy-3.13.1-9.mga7.src.rpm
CVE:
Status comment:


Attachments

Description Mark Verlinde 2020-05-27 17:43:53 CEST
Description of problem:

Creating a (bootable) raw- or qcow2-image using appliance-tools fails with:

ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.8/site-packages/selinux/__init__.py)



Root cause is pretty much described in commit (see url)to upstream.
(Patch) 0001-libselinux-Change-the-location-of-_selinux.so.patch
in the mageia source package of libselinux tries to mitigate the "new" behavior of SWIG 4.0 but it seems to break appliance-tools.


Workaround in place is a sim-link in /usr/lib64/python3.8/site-packages/selinux/_selinux.so -> ../_selinux.so*



Version-Release number of selected component (if applicable):

appliance-tools-009.0-8.mga8
libselinux-python3-2.5-12.mga8.aarch64.rpm


Steps to Reproduce:
1. install appliance-tools
2. (try to) create an image with:
    appliance-creator --config=<path to ks> --name="test" --debug --no-compress


grts, mark
Comment 1 Lewis Smith 2020-05-27 21:44:16 CEST
Thank you for reporting this, and your diagnosis.

Treating this initially as a libselinux problem, because this looks very relevant:-
 Modified Sun Dec 2 2018
 - move _selinux.so to /usr/lib(64)/python*/site-packages
  * this should fix selinux-policy build failure

Assigning to DavidG who did that update, CC'ing NealG registered maintainer.
Luckily both packagers are relevant for 'appliance-tools' if that happens to be the culprit.

CC: (none) => ngompa13
Source RPM: (none) => libselinux-2.5-10.mga7.src.rpm, appliance-tools-009.0-6.mga7.src.rpm
Assignee: bugsquad => geiger.david68210

Comment 2 Mark Verlinde 2020-06-18 12:41:08 CEST
Any news on this?

I wonder why Mageia-Cauldron is (still) on libselinux 2.5. It is fairly old, how ever I'm not a selinux specialist so cannot oversee the consequences of moving to a newer version of selinux in which this issue is fixed.

If there are compelling reasons to stay on libselinux 2.5 I'm willing to try to back-port the  distutils-install fix for python3.8.

Do not want to go though the this trouble if a version-update is due date. 

grtz Mark
Comment 3 Neal Gompa 2020-06-18 17:10:09 CEST
(In reply to Mark Verlinde from comment #2)
> Any news on this?
> 
> I wonder why Mageia-Cauldron is (still) on libselinux 2.5. It is fairly old,
> how ever I'm not a selinux specialist so cannot oversee the consequences of
> moving to a newer version of selinux in which this issue is fixed.
> 
> If there are compelling reasons to stay on libselinux 2.5 I'm willing to try
> to back-port the  distutils-install fix for python3.8.
> 
> Do not want to go though the this trouble if a version-update is due date. 
> 
> grtz Mark

There are no compelling reasons to stay on version 2.5. It's just I haven't yet had enough time to get everything bumped to the latest version.
Comment 4 David GEIGER 2021-01-06 17:10:21 CET
Assigning to the real maintainer!

Assignee: geiger.david68210 => ngompa13

Comment 5 David Walser 2021-01-06 23:33:22 CET
selinux-policy will need to be updated to make it buildable and to support Python 3.  Neal already was working on this.

Source RPM: libselinux-2.5-10.mga7.src.rpm, appliance-tools-009.0-6.mga7.src.rpm => libselinux-2.5-10.mga7.src.rpm, appliance-tools-009.0-6.mga7.src.rpm, selinux-policy-3.13.1-9.mga7.src.rpm


Note You need to log in before you can comment on or make changes to this bug.