View Issue Details

IDProjectCategoryView StatusLast Update
0016389CentOS-7pythonpublic2020-05-13 11:06
Reporterssbarnea Assigned To 
Status assignedResolutionopen 
PlatformLinuxOSCentOSOS Version7.7
Product Version7.6.1810 
Summary0016389: python3-libselinux package is missing
DescriptionAs 7.7 introduced native python3.6 support, it seems that libselinux python bindins are missing and these are essential for lots of module, most notably ansible is pretty much useless without python-libselinux extensions.

What is worse is that there is no way to install these with pip, these need to be compiled on the same system they will be used as they depends on local libselinux verison. They are so important that I would propose including them with python3 package itself
Steps To Reproduceyum-config-manager --enable cr
yum update
yum install python36
python3 -c "import selinux"
# python3 -c "import selinux"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'selinux'

Additional Informationroot@n0:~ # yum search libselinux
libselinux-python.x86_64 : SELinux python bindings for libselinux

Clearly we need a python3-libselinux package.
Tagspython, selinux




2019-09-05 11:59

administrator   ~0035069

Ansible is supposed to use the default python on EL7, which *is* still python2, so libselinux-python is the one that would be used.
AFAIK, there is no python3-libselinux pkg in EL7.
So can you provide more informations about the issue you have ?


2019-09-05 12:31

reporter   ~0035070

* "selinux" python module is needed by ansible (jinja2 templating) and this special module cannot be installed using pip.
* the whole point of having python36 on centos7 was to prepare code to migrate, if we don't have selinux we cannot test it.
* yes for python2 there is the "libselinux-python" package, but we need the same for python3.

RHEL8/CentOS8/Fedora28+ do all have the python3-libselinux package, we just need to recompile it on CentOS7-with-python36 so we can use this interpreter for testing.

I will say it again, python-libselinux is special because opposed to other python modules which even if they are binary can be compiled via a pip-installed. This one cannot and worse, its binary is binary dependent on both selinux/kernel and python version. We do need to provide it.

I should mention that it may prove to be more convenient to build and include selinux with python distribution itself instead of creating a new rpm, the module itself is extremely small and is not loaded implicitlely.

Regarding your question related to "ansible is supposed to use system python": yes this is true unless you use Ansible for testing and your testing requires python3. Ansible itself perfectly supports using python3. Anyone can create a virtualenv and install ansible in it and use it from there, but if they lack a selinux module for that python version, they are mainly blocked.


2019-09-05 12:32

manager   ~0035071

The package is not in RHEL. CentOS is a rebuild of RHEL. You need to ask them.


2019-09-11 10:00

reporter   ~0035088

That's real unlucky, since it makes python3 real useless in terms of running ansible since even very simple things fail


2019-09-11 10:18

reporter   ~0035089

I also raised a bug against RHEL7 at but this bug should not be an excuse for not building a rpm.

There is a big difference between CentOS7 and RHEL7: Centos7 is latest supported CentOS version, which is not the case for RHEL7.

Also CentOS7 is used as a base for preparing other products to work with Red Hat platforms, example OpenStack so is in our interest to allow developers to test their code as soon as possible, so they would work better with our platforms.


2019-09-11 11:40

reporter   ~0035090

Tracking bug should be


2019-09-11 12:32

administrator   ~0035092

But that bug is private so don't know what it says .. :)


2019-09-11 12:51

reporter   ~0035093

@arrfab I was not the one that made it private but I added you to it which should give your access. Hopefully we can find a way to address it.


2019-09-11 13:11

developer   ~0035094

Hey y'all, original reporter of here. I think it's worth emphasizing that libselinux-python3 is a disabled subpackage of libselinux. All that would be required for CentOS to ship it in CentOS 7.7.1908 would be to remove the fedora conditional around the with_python3 macro.

Yes, this would be CentOS diverging from RHEL. But it's not like it's a request to add a completely new package. I think in this case it's worth consideration.


2019-09-25 18:31

reporter   ~0035215

To add more fun to the game, it seems that python2-libselinux is missing from CentOS 8, raised as

This means no version of CentOS can be used to test both python2 and python3 code. I guess that does make it unlikely to be preferred development OS for python developers.


2019-09-25 20:39

administrator   ~0035220

would you step forward to maintain it for the remaining lifetime of CentOS-7?


2019-10-14 09:24

reporter   ~0035459

libselinux-python3 was already approved to be build for centos-7 as stated on so this should reach centos soon.


2019-11-01 15:57

reporter   ~0035627

I'm hoping that libselinux-python3 (when it is finally available) will work for all versions of CentOS-7. In SELinux enforcing mode, Python3 is not allowed to write PYC files to folder "__pycache__" in lower priv areas like the cgi-bin directory of Apache. We currently fixed this by moving SELinux into permissive mode but that always makes me nervous. Anyway, since Python2 is effectively dead in 2020 (according to Guido) let's hope that all Linux distros begin to pay more attention their Python3 implementations.


2019-11-13 14:28

reporter   ~0035685

According to RPM find, another distro has already produced a solution*python3*&submit=Search+...&system=&arch=


2019-12-05 15:59

reporter   ~0035804

> Python2 is effectively dead in 2020

To clarify, python2 in RHEL 7 is supported for the lifetime of RHEL 7


2019-12-10 20:35

reporter   ~0035813

I am not sure how long RHEL 7 will be supported but problems are on the horizon which remind me of y2k (a looming problem but many continue to sleep-walk). So here's my sermon: many admin tools (yum and firewall-cmd are the first two which spring to mind) are written in python2 but the authors of Python2 have stated that there will be no security updates provided to python2 after 2020-01-01. Everyone knows that security is a constantly changing game of cat-and-mouse which means that some day soon, the Python2-based yum tool which is used to update both CentOS and RHEL, will not be secure. So we have two big issues here: customer code written in Python2 should be repaired so that it will work properly under Python3, and the Linux admin tools need to be upgraded ASAP just to protect future Linux updates.


2019-12-10 20:49

manager   ~0035814

Everything in the distro is supported by Red Hat until the demise of the distro 10 years after it it was first released. There is no looming python2 problem as it's supported by Red Hat until 2024


2019-12-10 20:54

reporter   ~0035815

FYI RHEL support policy is published at


2020-01-27 13:35

reporter   ~0036135

We are currently blocked by this issue.
I am wondering if there is any update on this issue?


2020-01-27 15:07

developer   ~0036138


2020-05-13 11:06

reporter   ~0036926

It seems that there is a package that might be fixing the issue:
# rpm -qa | grep libselinux-python

Issue History

Date Modified Username Field Change
2019-09-05 11:45 ssbarnea New Issue
2019-09-05 11:59 arrfab Status new => feedback
2019-09-05 11:59 arrfab Note Added: 0035069
2019-09-05 12:31 ssbarnea Note Added: 0035070
2019-09-05 12:31 ssbarnea Status feedback => assigned
2019-09-05 12:32 TrevorH Note Added: 0035071
2019-09-11 10:00 noonedeadpunk Note Added: 0035088
2019-09-11 10:18 ssbarnea Note Added: 0035089
2019-09-11 11:40 ssbarnea Note Added: 0035090
2019-09-11 12:32 arrfab Note Added: 0035092
2019-09-11 12:34 arrfab Status assigned => feedback
2019-09-11 12:51 ssbarnea Note Added: 0035093
2019-09-11 12:51 ssbarnea Status feedback => assigned
2019-09-11 13:11 carlwgeorge Note Added: 0035094
2019-09-25 18:25 ssbarnea Tag Attached: selinux
2019-09-25 18:25 ssbarnea Tag Attached: python
2019-09-25 18:31 ssbarnea Note Added: 0035215
2019-09-25 20:39 tru Note Added: 0035220
2019-10-14 09:24 ssbarnea Note Added: 0035459
2019-11-01 15:57 neilrieck Note Added: 0035627
2019-11-13 14:28 neilrieck Note Added: 0035685
2019-12-05 15:59 apevec Note Added: 0035804
2019-12-10 20:35 neilrieck Note Added: 0035813
2019-12-10 20:49 TrevorH Note Added: 0035814
2019-12-10 20:54 apevec Note Added: 0035815
2020-01-27 13:35 srallaba Note Added: 0036135
2020-01-27 15:07 carlwgeorge Note Added: 0036138
2020-05-13 11:06 hunter86_bg Note Added: 0036926