Bug 301751 - libselinux-2.0.14-7 causes python tracebacks
Summary: libselinux-2.0.14-7 causes python tracebacks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: libselinux
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-22 18:04 UTC by Kevin Fenzi
Modified: 2008-01-21 15:44 UTC (History)
1 user (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-21 15:44:43 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Kevin Fenzi 2007-09-22 18:04:29 UTC 
Using the 2.0.14-7.x86_64 version from updates-testing, I get things like: 

# cat /var/log/audit/audit.log* | audit2allow -m local20070922
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 30, in <module>
    import sepolgen.module as module
  File "/usr/lib64/python2.5/site-packages/sepolgen/module.py", line 27, in <module>
    import selinux
  File "/usr/lib64/python2.5/site-packages/selinux.py", line 7, in <module>
    import _selinux
ImportError: /usr/lib64/python2.5/site-packages/_selinux.so: undefined symbol:
fsetfilecon_raw

Also, upgrading selinux-policy resulted in a similar traceback. 

Note that this is a pure x86_64 box, no i386 rpms installed. 
I wonder if there is some i386 dependency here thats not known to rpm?

Happy to test or provide more info.
Comment 1 Todd Zullinger 2007-09-25 18:39:39 UTC 
I don't think it's x86_64 specific.  I get the same traceback from anything that
tries to import selinux.  Reverting to 2.0.14-6.fc7 removes this particular
error.  It seems something is off in the swig patch with -7.  There is a
different swig patch in the devel branch, so maybe Dan already knows about the
problem and has a fix in the works.
Comment 2 Daniel Walsh 2007-09-25 21:54:22 UTC 
Could you check 2.0.14-8 in fedora-testing?
Comment 3 Kevin Fenzi 2007-09-25 22:21:49 UTC 
Seems to work fine here... :)
Comment 4 Todd Zullinger 2007-09-26 02:25:07 UTC 
Hmm, audit2allow and "import python" in the interactive interpreter work with
2.0.14-8, but setroubleshootd[1] still dies on startup:

# setroubleshootd -f
Traceback (most recent call last):
  File "/usr/sbin/setroubleshootd", line 71, in <module>
    from setroubleshoot.server import RunFaultServer
  File "/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line 35, in
<module>
    from setroubleshoot.analyze import *
  File "/usr/lib/python2.5/site-packages/setroubleshoot/analyze.py", line 35, in
<module>
    from setroubleshoot.avc_audit import *
  File "/usr/lib/python2.5/site-packages/setroubleshoot/avc_audit.py", line 138,
in <module>
    my_context = AvcContext(selinux.getcon()[1])
TypeError: getcon() takes exactly 1 argument (0 given)

This doesn't happen with 2.0.14-6.  (With 2.0.14-7, setroubleshootd dies at the
import python stage, from the undefined symbol: fsetfilecon_raw problem.)

[1]  setroubleshoot 1.9.4-2, see bug #289371 for why 1.10.1-1 from
updates-testing is dieing -- it seems to require selinux-policy >= 3.0.7-10,
which isn't available for F7
Comment 5 Kevin Fenzi 2007-09-26 17:52:03 UTC 
Ah, I didn't have setroubleshoot setup here.. I do see that same thing here with
it.
Comment 6 Todd Zullinger 2007-09-27 15:43:07 UTC 
I just tested libselinux-2.0.14-9.fc7.i386 from koji and it seems to resolve the
problems with setroubleshoot (combined with the fixes in
selinux-policy-2.6.4-45).  audit2allow and "import selinux" both work as well.

Thanks for the quick fixes Dan!  I'll be sure to leave a comment in bodhi when
this update hits testing, with a positive karma (unless I run across any other
issues before then :).
Note You need to log in before you can comment on or make changes to this bug.