Fixes:
Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings '
Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
' on x86_64
SWIG-4.0 changed its behavior so that it uses: from . import _selinux which
looks for _selinux module in the same directory as where __init__.py is -
$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
of _selinux.so").
In order to prevent such breakage in future use Python's distutils instead of
building and installing python bindings manually in Makefile.
Fixes:
>>> import selinux
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
from . import _selinux
ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
>>>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
There is a new feature in the Standard Test Roles which allows to
use an FMF filter instead of listing all tests manually. All tier
one selinux tests are selected as well, thus extending requires.
${__python} and /usr/bin/python is not available anymore.
Fixes:
make[1]: /usr/bin/python: Command not found
Please specify at least one package name on the command line.
cc -g -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -fPIC -DSHARED -c -o audit2why.lo audit2why.c
audit2why.c:6:10: fatal error: Python.h: No such file or directory
#include <Python.h>
^~~~~~~~~~
compilation terminated.
The following steps are used to execute the tests using the standard test interface:
Docker
sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS=docker:docker.io/library/fedora:26 TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags container tests.yml
Classic
sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml
https://src.fedoraproject.org/rpms/libselinux/pull-request/1
