When running the following simple test, the commands succeed when python2.7 is enabled, but fail with python3.2:

"""
~# semanage fcontext -a -t swapfile_t /swapfile
~# semanage fcontext -d /swapfile
"""

With Python3.2, the following error occurs:

"""
/usr/sbin/semanage: File context for /swapfile is not defined
"""

If I switch back to Python2.7, the command succeeds. The definition of /swapfile is made and available in the file_contexts.local file. Also, all seemingly involved python scripts in /usr/lib/python<version>/site-packages, such as seobject.py and semanage.py are indifferent between the two versions. It seems that the calls to _semanage.so are the culprit (but I'm not certain).

Reproducible: Always
Any particular reason you didn't CC the python team on this? There might be someone there who could help...
Seems like the problem is that the string representing the file context (like "/swapfile") is freed even though it is still used. It might be because Python 2.7 doesn't free it as soon as Python 3.2 does, or perhaps it has nothing to do with Python itself but with the swig'ified code that has this change. In any case, strdup'ing the string seems to have fixed the issue (and still works in Python 2.7).

Fix is now in hardened-dev overlay
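The string-lifetime problem described in the comment above, as an added example that is not part of the original bug thread and is not libsemanage or SWIG code: a key that borrows the binding's string stops matching once that buffer is reused, while a key that holds its own copy still matches. The names `fc_key`, `key_copy` and `lookup_after_reuse` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical lookup key (not libsemanage's own type): built by a C
 * library from a string that a language binding passes in. */
struct fc_key {
    const char *expr;  /* path expression, e.g. "/swapfile" */
    char *owned;       /* heap copy of expr, or NULL if borrowed */
};

/* Owning variant: same effect as strdup(), written with malloc/memcpy. */
static int key_copy(struct fc_key *k, const char *expr) {
    size_t n = strlen(expr) + 1;
    k->owned = malloc(n);
    if (k->owned == NULL)
        return -1;
    memcpy(k->owned, expr, n);
    k->expr = k->owned;
    return 0;
}

static void key_free(struct fc_key *k) {
    free(k->owned);                    /* free(NULL) is a no-op */
    *k = (struct fc_key){ NULL, NULL };
}

/* Returns 1 if the key still matches "/swapfile" after the binding's
 * temporary buffer has been reused. Reuse is simulated by overwriting the
 * buffer instead of freeing it, so the demo has no undefined behaviour. */
static int lookup_after_reuse(int copy) {
    char tmp[32] = "/swapfile";        /* constructed sample input */
    struct fc_key k = { tmp, NULL };   /* borrowed: points into tmp */
    if (copy && key_copy(&k, tmp) != 0)
        return -1;
    memset(tmp, 'X', sizeof tmp - 1);  /* binding reuses its buffer */
    int found = strcmp(k.expr, "/swapfile") == 0;
    key_free(&k);
    return found;
}

int main(void) {
    printf("borrowed: %d, copied: %d\n", lookup_after_reuse(0), lookup_after_reuse(1));
    return 0;
}
```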
In main tree, ~arch'ed
Stable in portage tree