
Bug 416301

Summary: "semanage fcontext" with python 3 fails in removing local contexts
Product: Gentoo Linux
Reporter: Sven Vermeulen (RETIRED) <swift>
Component: Hardened
Assignee: Sven Vermeulen (RETIRED) <swift>
Status: VERIFIED FIXED
Severity: normal
CC: selinux
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Sven Vermeulen (RETIRED) gentoo-dev 2012-05-16 18:12:47 UTC
When running the following simple test, the commands succeed when python2.7 is enabled, but fail with python3.2:

"""
~# semanage fcontext -a -t swapfile_t /swapfile
~# semanage fcontext -d /swapfile
"""

With Python3.2, the following error occurs:

"""
/usr/sbin/semanage: File context for /swapfile is not defined
"""

If I switch back to Python2.7, the command succeeds. The definition of /swapfile is made and available in the file_contexts.local file. Also, all seemingly involved python scripts in /usr/lib/python<version>/site-packages, such as seobject.py and semanage.py, are indifferent between the two versions.

It seems that the calls to _semanage.so are the culprit (but I'm not certain).

Reproducible: Always
Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2012-05-25 06:55:00 UTC
Any particular reason you didn't CC the python team on this? There might be someone there who could help...
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-05-27 08:49:27 UTC
Seems like the problem is that the string representing the file context (like "/swapfile") is freed even though it is still used. It might be because Python 2.7 doesn't free it as soon as Python 3.2 does, or perhaps it has nothing to do with Python itself but with the swig'ified code that has this change.

In any case, strdup'ing the string seems to have fixed the issue (and still works in Python 2.7).

Fix is now in hardened-dev overlay
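
The lifetime problem described in Comment 2, reduced to a self-contained C sketch (an added example, not code from the semanage bindings or the Gentoo patch): a key that keeps the caller's pointer versus one that strdup's it. The `fkey` struct, the function names and the scrubbed stack buffer standing in for the released temporary are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical key type; not the real semanage structure. */
struct fkey { const char *target; char *owned; };

/* Buggy pattern: keep the caller's pointer, valid only while its buffer lives. */
static void key_create_borrowed(struct fkey *k, const char *target) {
    k->target = target;
    k->owned = NULL;
}

/* Fixed pattern: take a private copy so the key outlives the caller's buffer. */
static int key_create_copied(struct fkey *k, const char *target) {
    k->owned = strdup(target);
    k->target = k->owned;
    return k->owned ? 0 : -1;
}

static void key_free(struct fkey *k) { free(k->owned); k->owned = NULL; }

/* Stand-in for the local file-context store: one constructed entry. */
static int context_defined(const struct fkey *k) {
    return strcmp(k->target, "/swapfile") == 0;
}

/* Models a binding layer that hands key creation a temporary C string and
 * releases it before the key is used. The release is modelled by scrubbing
 * the buffer, so the demo shows the effect without undefined behaviour. */
static int lookup_after_temp_released(int copy) {
    char temp[32];
    struct fkey k;
    snprintf(temp, sizeof temp, "%s", "/swapfile");
    if (copy) {
        if (key_create_copied(&k, temp) != 0) return -1;
    } else {
        key_create_borrowed(&k, temp);
    }
    memset(temp, 0, sizeof temp);        /* temporary released or reused */
    int found = context_defined(&k);     /* 1 = defined, 0 = "not defined" */
    key_free(&k);
    return found;
}

int main(void) {
    printf("borrowed=%d copied=%d\n",
           lookup_after_temp_released(0), lookup_after_temp_released(1));
    return 0;
}
```

With a real freed heap buffer the borrowed case is undefined behaviour, so whether the lookup happens to succeed depends on when the allocator reuses the memory.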
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-06-25 20:11:04 UTC
In main tree, ~arch'ed
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-10 20:13:31 UTC
Stable in portage tree