Bug 2207684 - Don't add user site directory to sys.path
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: blueman
Version: 37
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Artur Frenszek-Iwicki
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-05-16 14:05 UTC by Doncho Gunchev
Modified: 2023-06-17 02:07 UTC

Fixed In Version: blueman-2.3.5-3.fc38 blueman-2.3.5-2.fc37
Clone Of:
Environment:
Last Closed: 2023-06-17 01:22:29 UTC
Type: ---
Embargoed:



Description Doncho Gunchev 2023-05-16 14:05:23 UTC
If someone installs packages in his user site directory then Blueman may start using one of these instead of the system package. This can create problems with compatibility and SELinux ( https://bugzilla.redhat.com/show_bug.cgi?id=2179800 ).

To get rid of the SELinux messages I had to modify


$ rpm -ql blueman | grep '/usr/\(bin\|libexec\)/'
/usr/bin/blueman-adapters
/usr/bin/blueman-applet
/usr/bin/blueman-manager
/usr/bin/blueman-sendto
/usr/bin/blueman-services
/usr/bin/blueman-tray
/usr/libexec/blueman-mechanism
/usr/libexec/blueman-rfcomm-watcher

and add at least '-s'. Tuned uses a similar approach:

$ head -n 1 /usr/sbin/tuned
#!/usr/libexec/platform-python -Es



Reproducible: Always

Steps to Reproduce:
1. Install Blueman
2. Login and try using it

Actual Results:  
SELinux error message from the SELinux Troubleshooter.

Expected Results:  
No SELinux errors and no python user site files being accessed.

Comment 1 Artur Frenszek-Iwicki 2023-05-16 21:30:59 UTC
Ok, so it seems this can be fixed quite easily by running %py3_shebang_fix on the installed files.
This tool defaults to adding "-sP", but it's easy enough to change that to "-sPE".

Any downside to having all three of those, or should I just go ahead?

Comment 2 Doncho Gunchev 2023-06-07 08:57:35 UTC
IDK, "-sPE" sounds even better to me. IMHO if the user wants to run the app with custom libraries it would be logical to also run a custom main app, not use the system-wide one.
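
The shebang check discussed in this thread, as an added example that is not part of the bug report or of the blueman or Fedora packaging code: it parses the first line of each script and reports which of the `-s`, `-P` and `-E` flags are missing. The function names and sample lines are constructed for illustration, and `-I` is assumed to imply `-E`, `-s` and `-P` as on Python 3.11+.

```python
import os
import re

# Interpreter basenames treated as Python: python3, python3.11, platform-python.
PY_RE = re.compile(r"^(platform-)?python[\d.]*$")
# Options whose argument is the rest of the token (e.g. -Wd), so stop there.
TAKES_ARG = set("WXcm")
# -I (isolated mode) implies -E and -s, plus -P on Python 3.11+ (assumed here).
IMPLIED = {"I": "EsP"}
# Constructed sample first lines; only the platform-python one is from the page.
SAMPLES = ["#!/usr/libexec/platform-python -Es", "#!/usr/bin/python3",
           "#!/usr/bin/python3 -sPE", "#!/usr/bin/python3 -I", "#!/bin/sh"]

def shebang_flags(first_line):
    """Set of single-letter interpreter flags, or None if not a Python shebang."""
    if not first_line.startswith("#!"):
        return None
    tokens = first_line[2:].split()
    for i, tok in enumerate(tokens):
        if PY_RE.match(os.path.basename(tok)):
            break
    else:
        return None
    flags = set()
    for tok in tokens[i + 1:]:
        if not tok.startswith("-") or tok.startswith("--"):
            break
        for ch in tok[1:]:
            if ch in TAKES_ARG:
                break
            flags.add(ch)
            flags.update(IMPLIED.get(ch, ""))
    return flags

def missing_flags(first_line, required="sPE"):
    """Required flags absent from the shebang: -s skips the user site directory,
    -P skips the script/current-directory entry, -E ignores PYTHON* variables."""
    flags = shebang_flags(first_line)
    return None if flags is None else "".join(f for f in required if f not in flags)

def audit(paths, required="sPE"):
    """Map each Python script path to the flags its shebang is missing."""
    report = {}
    for path in paths:
        with open(path, "rb") as fh:
            missing = missing_flags(fh.readline().decode("utf-8", "replace"), required)
        if missing:
            report[path] = missing
    return report
```

Passing the paths printed by `rpm -ql blueman` to `audit()` lists any packaged script whose shebang still lets the user site directory or environment influence `sys.path`.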

Comment 3 Fedora Update System 2023-06-08 10:02:27 UTC
FEDORA-2023-6f71ab0049 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-6f71ab0049

Comment 4 Fedora Update System 2023-06-08 10:37:30 UTC
FEDORA-2023-1e7501bfa3 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e7501bfa3

Comment 5 Fedora Update System 2023-06-09 01:39:47 UTC
FEDORA-2023-6f71ab0049 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-6f71ab0049`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-6f71ab0049

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2023-06-09 03:01:43 UTC
FEDORA-2023-1e7501bfa3 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-1e7501bfa3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e7501bfa3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2023-06-17 01:22:29 UTC
FEDORA-2023-6f71ab0049 has been pushed to the Fedora 38 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2023-06-17 02:07:26 UTC
FEDORA-2023-1e7501bfa3 has been pushed to the Fedora 37 stable repository.
If the problem still persists, please make note of it in this bug report.

