~# semanage login -a -s user_u user
libsemanage.dbase_llist_query: could not query record value
No denials in AVC log
Seems to be related to Python-3 support; using Python 2.7 it functions properly.
Another day of trying to figure this out.
It seems like the error comes when semanage -> seobject.py -> semanage.py -> _semanage.semanage_user_query
The _semanage stuff comes from the SWIG-generated _semanage.so. Printing out the arguments shows that the input initially (to semanage_user_key_create) is correct (like "user_u") and the key returned is always the same value (so it is not a regression from before where a double-free is invoked).
I'm most likely going to insert some debugging statements in the semanage_user_key_create, semanage_user_exists & semanage_user_query functions in libsemanage to see where things might be going wrong. But the whole use of a key/record approach inside libsemanage/libsepol doesn't make it easy to debug...
Not fixed in the sense that it now works, but I marked policycoreutils to only support Python 2.7 (until upstream supports it).
In main tree, ~arch'ed
recent selinux userspace utilities are now stabilized