amazon-linux-2023 icon indicating copy to clipboard operation
amazon-linux-2023 copied to clipboard
verified publisher icon amazonlinux

[Package Request] - SELinux bindings for Python 3.11

Open ps-jay opened this issue 2 years ago • 7 comments

What package is missing from Amazon Linux 2023? Please describe and include package name.

I'd like a package for the SELinux bindings for Python 3.11 in Amazon Linux 2023

In Amazon Linux 2023, both Python 3.9 and Python 3.11 are packaged. For example, today the versions available are:

  • python3-3.9.16-1.amzn2023.0.6.x86_64
  • python3.11-3.11.2-2.amzn2023.0.11.x86_64

But there is no Python 3.11 package for the SELinux bindings. The Python 3.9 package is:

  • python3-libselinux-3.4-5.amzn2023.0.2.x86_64

Ideally, python3.11-libselinux would exist

Is this an update to existing package or new package request?

New, but similar to python3-libselinux

Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify.

No

Any additional information you'd like to include. (use-cases, etc)

Our use-case for this package is so that Ansible version 9.x can be used to manage files on AL2023 EC2's.

Ansible 9.x requires a minimum version of Python 3.10 (see: ansible-core support matrix)

If SELinux is turned on, and Ansible tries to manage files, then it encounters the following error:

Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.11/site-packages', '/usr/local/lib/python3.11/site-packages', '/usr/lib64/python3.11/site-packages', '/usr/lib/python3.11/site-packages']

We setup the Python 3.11 environment for Ansible like so:

# python3.11 -m venv /tmp/3.11
# source /tmp/3.11/bin/activate
# python --version
Python 3.11.2
# pip --version
pip 22.3.1 from /tmp/3.11/lib64/python3.11/site-packages/pip (python 3.11)
# pip install -U ansible boto3 pip requests selinux
# pip freeze | grep selinux
selinux==0.3.0

ps-jay avatar Nov 27 '23 02:11 ps-jay

We do ship Ansible 8.3 in AL2023 (as of AL2023.2), and this works with the system Python 3.9. As per https://docs.aws.amazon.com/linux/al2023/ug/python.html#python-modules we don't build all the possible python modules for each version of python, instead focusing on the system python (3.9).

stewartsmith avatar Nov 28 '23 16:11 stewartsmith

I understand the default stance of not building all possible Python modules, and that seems sensible

I wondered if the SELinux bindings might be an exception, since producing a 3.11 package requires compiling against the system libraries (e.g. libselinux isn't available as a wheel from PyPI)

ps-jay avatar Nov 28 '23 20:11 ps-jay

any update regarding this? still not working with python3.11

bitsky6 avatar Feb 27 '24 08:02 bitsky6

I have given in, and instead make use of the OS packaged Ansible

ps-jay avatar Aug 18 '24 04:08 ps-jay

At the moment, we are not producing python modules for python 3.11. Is there anything broken if simply pip installing selinux in a python3.11 venv ?

ozbenh avatar Aug 19 '24 08:08 ozbenh

Ah I see ... the selinux python module requires the libselinux python bindings ... and we don't ship these for p3.11

ozbenh avatar Aug 19 '24 08:08 ozbenh

It's tricky to generate lib bindings like this for multiple python versions due to the way the various python packaging macros work in Fedora/RedHat derivatives distro. I noticed RH9 doesn't ship this either. I cannot promise we will be able to.

ozbenh avatar Aug 19 '24 08:08 ozbenh