Using the 2.0.14-7.x86_64 version from updates-testing, I get things like: # cat /var/log/audit/audit.log* | audit2allow -m local20070922 Traceback (most recent call last): File "/usr/bin/audit2allow", line 30, in <module> import sepolgen.module as module File "/usr/lib64/python2.5/site-packages/sepolgen/module.py", line 27, in <module> import selinux File "/usr/lib64/python2.5/site-packages/selinux.py", line 7, in <module> import _selinux ImportError: /usr/lib64/python2.5/site-packages/_selinux.so: undefined symbol: fsetfilecon_raw Also, upgrading selinux-policy resulted in a similar traceback. Note that this is a pure x86_64 box, no i386 rpms installed. I wonder if there is some i386 dependency here thats not known to rpm? Happy to test or provide more info.
I don't think it's x86_64 specific. I get the same traceback from anything that tries to import selinux. Reverting to 2.0.14-6.fc7 removes this particular error. It seems something is off in the swig patch with -7. There is a different swig patch in the devel branch, so maybe Dan already knows about the problem and has a fix in the works.
Could you check 2.0.14-8 in fedora-testing?
Seems to work fine here... :)
Hmm, audit2allow and "import python" in the interactive interpreter work with 2.0.14-8, but setroubleshootd[1] still dies on startup: # setroubleshootd -f Traceback (most recent call last): File "/usr/sbin/setroubleshootd", line 71, in <module> from setroubleshoot.server import RunFaultServer File "/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line 35, in <module> from setroubleshoot.analyze import * File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 35, in <module> from setroubleshoot.avc_audit import * File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 138, in <module> my_context = AvcContext(selinux.getcon()[1]) TypeError: getcon() takes exactly 1 argument (0 given) This doesn't happen with 2.0.14-6. (With 2.0.14-7, setroubleshootd dies at the import python stage, from the undefined symbol: fsetfilecon_raw problem.) [1] setroubleshoot 1.9.4-2, see bug #289371 for why 1.10.1-1 from updates-testing is dieing -- it seems to require selinux-policy >= 3.0.7-10, which isn't available for F7
Ah, I didn't have setroubleshoot setup here.. I do see that same thing here with it.
I just tested libselinux-2.0.14-9.fc7.i386 from koji and it seems to resolve the problems with setroubleshoot (combined with the fixes in selinux-policy-2.6.4-45). audit2allow and "import selinux" both work as well. Thanks for the quick fixes Dan! I'll be sure to leave a comment in bodhi when this update hits testing, with a positive karma (unless I run across any other issues before then :).