Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 416301 - "semanage fcontext" with python 3 fails in removing local contexts
Summary: "semanage fcontext" with python 3 fails in removing local contexts
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sven Vermeulen (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-16 18:12 UTC by Sven Vermeulen (RETIRED)
Modified: 2012-07-10 20:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen (RETIRED) gentoo-dev 2012-05-16 18:12:47 UTC
When running the following simple test, the commands succeed when python2.7 is enabled, but fail with python3.2:

"""
~# semanage fcontext -a -t swapfile_t /swapfile
~# semanage fcontext -d /swapfile
"""

With Python3.2, the following error occurs:

"""
/usr/sbin/semanage: File context for /swapfile is not defined
"""

If I switch back to Python2.7, the command succeeds. The definition of /swapfile is made and available in the file_contexts.local file. Also, all seemingly involved python scripts in /usr/lib/python<version>/site-packages, such as seobject.py and semanage.py are indifferent between the two versions.

It seems that the calls to _semanage.so are the culprit (but I'm not certain).

Reproducible: Always
Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2012-05-25 06:55:00 UTC
Any particular reason you didn't CC the python team on this? There might be someone there who could help...
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-05-27 08:49:27 UTC
Seems like the problem is that the string, representing the file context (like "/swapfile") is freed even though it is still used. It might be because Python 2.7 doesn't free it as soon as Python 3.2 does, or perhaps it has nothing to do with Python itself but with the swig'ified code that has this change.

In any case, strdup'ing the string seems to have fixed the issue (and still works in Python 2.7).

Fix is now in hardened-dev overlay
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-06-25 20:11:04 UTC
In main tree, ~arch'ed
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-10 20:13:31 UTC
Stable in portage tree