selinux context in the system -> selinux context for this path
понеділок, 12 лютого 2024 р. о 07:44:06 UTC+1 Sergey Glazyrin пише:
> No, it works in another system. The problem is that I don't have selinux
> context on the system..... I don't remember that I set it up explicitly but
> maybe something changed after I updated gentoo
>
> понеділок, 12 лютого 2024 р. о 01:58:00 UTC+1 Rilindo Foster пише:
>
>> I am not able to reproduce the error, at least with ansible core 2.15.3:
>>
>> [rilindo@podman01 ~]$ getenforce
>>
>> Enforcing
>>
>> [rilindo@podman01 ~]$ ANSIBLE_KEEP_REMOTE_FILES=1 ansible localhost -m
>> tempfile -a "path=/tmp/ prefix=buildproject state=directory" -vvv
>>
>> ansible [core 2.15.3]
>>
>> config file = /etc/ansible/ansible.cfg
>>
>> configured module search path =
>> ['/home/rilindo/.ansible/plugins/modules',
>> '/usr/share/ansible/plugins/modules']
>>
>> ansible python module location =
>> /usr/lib/python3.11/site-packages/ansible
>>
>> ansible collection location =
>> /home/rilindo/.ansible/collections:/usr/share/ansible/collections
>>
>> executable location = /usr/bin/ansible
>>
>> python version = 3.11.5 (main, Oct 25 2023, 16:19:59) [GCC 8.5.0
>> 20210514 (Red Hat 8.5.0-20)] (/usr/bin/python3.11)
>>
>> jinja version = 3.1.2
>>
>> libyaml = True
>>
>> Using /etc/ansible/ansible.cfg as config file
>>
>> host_list declined parsing /etc/ansible/hosts as it did not pass its
>> verify_file() method
>>
>> script declined parsing /etc/ansible/hosts as it did not pass its
>> verify_file() method
>>
>> auto declined parsing /etc/ansible/hosts as it did not pass its
>> verify_file() method
>>
>> Parsed /etc/ansible/hosts inventory source with ini plugin
>>
>> Skipping callback 'default', as we already have a stdout callback.
>>
>> Skipping callback 'minimal', as we already have a stdout callback.
>>
>> Skipping callback 'oneline', as we already have a stdout callback.
>>
>> <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: rilindo
>>
>> <127.0.0.1> EXEC /bin/sh -c 'echo ~rilindo && sleep 0'
>>
>> <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
>> /home/rilindo/.ansible/tmp `"&& mkdir "` echo
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553
>>
>> `" && echo ansible-tmp-1707699264.9183002-64356-88319939050553="` echo
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553
>>
>> `" ) && sleep 0'
>>
>> Using module file
>> /usr/lib/python3.11/site-packages/ansible/modules/tempfile.py
>>
>> <127.0.0.1> PUT
>> /home/rilindo/.ansible/tmp/ansible-local-62330a2uwxtzt/tmp001liao1 TO
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553/AnsiballZ_tempfile.py
>>
>> <127.0.0.1> EXEC /bin/sh -c 'chmod u+x
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553/
>>
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553/AnsiballZ_tempfile.py
>>
>> && sleep 0'
>>
>> <127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.11
>> /home/rilindo/.ansible/tmp/ansible-tmp-1707699264.9183002-64356-88319939050553/AnsiballZ_tempfile.py
>>
>> && sleep 0'
>>
>> localhost | CHANGED => {
>>
>> "changed": true,
>>
>> "gid": 1000,
>>
>> "group": "rilindo",
>>
>> "invocation": {
>>
>> "module_args": {
>>
>> "path": "/tmp/",
>>
>> "prefix": "buildproject",
>>
>> "state": "directory",
>>
>> "suffix": ""
>>
>> }
>>
>> },
>>
>> "mode": "0700",
>>
>> "owner": "rilindo",
>>
>> "path": "/tmp/buildproject_zi01c58",
>>
>> "secontext": "unconfined_u:object_r:user_tmp_t:s0",
>>
>> "size": 6,
>>
>> "state": "directory",
>>
>> "uid": 1000
>>
>> }
>>
>> Perhaps it is something that is unique to your local system. Have you
>> been able to reproduce in any other system?
>>
>> - Rilindo
>>
>> On Feb 11, 2024, at 5:48 PM, Sergey Glazyrin <[email protected]>
>> wrote:
>>
>> Here it is
>> ANSIBLE_KEEP_REMOTE_FILES=1 ansible localhost -m tempfile -a "path=/tmp/
>> prefix=buildproject state=directory" -vvv
>> And I debugged it, it's not able to get data about selinux context
>> because it's not set, it's triggering OSError with code 61.
>> and then it's trying to build up json about failure and it's simply get
>> to the recursion....
>>
>>
>> понеділок, 12 лютого 2024 р. о 00:36:59 UTC+1 Rilindo Foster пише:
>>
>>> That is gnarly.
>>>
>>> Can you provide the play code that attempted to perform this operation?
>>>
>>> Rilindo
>>>
>>> On Feb 11, 2024, at 5:30 PM, Sergey Glazyrin <[email protected]>
>>> wrote:
>>>
>>> Hello guys
>>> I do use linux on local pc and selinux enabled, though there's no
>>> context for the folders/files/etc
>>> And I am getting following issue:
>>> Recursion error when ansible trying to build the json it failed with.
>>> I am getting it when I am trying to create directory using tempfile
>>> module, with parameters:
>>> "invocation": {
>>> "module_args": {
>>> "path": "/tmp/",
>>> "prefix":
>>> "buildproject-Bk4mnluds1J6XoC28KyR0QzUgSVVpgSJBxQ7JlWf",
>>> "state": "directory",
>>> "suffix": ""
>>> }
>>> },
>>> Traceback:
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 679, in selinux_context
>>> self.fail_json(path=path, msg='failed to retrieve selinux context')
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1531, in fail_json
>>> self._return_formatted(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1459, in _return_formatted
>>> self.add_path_info(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1212, in add_path_info
>>> kwargs['secontext'] = ':'.join(self.selinux_context(path))
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 679, in selinux_context
>>> self.fail_json(path=path, msg='failed to retrieve selinux context')
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1531, in fail_json
>>> self._return_formatted(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1459, in _return_formatted
>>> self.add_path_info(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1212, in add_path_info
>>> kwargs['secontext'] = ':'.join(self.selinux_context(path))
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 679, in selinux_context
>>> self.fail_json(path=path, msg='failed to retrieve selinux context')
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1531, in fail_json
>>> self._return_formatted(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1459, in _return_formatted
>>> self.add_path_info(kwargs)
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 1212, in add_path_info
>>> kwargs['secontext'] = ':'.join(self.selinux_context(path))
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/basic.py",
>>>
>>> line 674, in selinux_context
>>> ret = selinux.lgetfilecon_raw(to_native(path,
>>> errors='surrogate_or_strict'))
>>>
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> File
>>> "/tmp/ansible_tempfile_payload_qfnjn5co/ansible_tempfile_payload.zip/ansible/module_utils/compat/selinux.py",
>>>
>>> line 95, in lgetfilecon_raw
>>> rc = _selinux_lib.lgetfilecon_raw(path, byref(con))
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> ctypes.ArgumentError: argument 1: RecursionError: maximum recursion
>>> depth exceeded
>>> fatal: [127.0.0.1]: FAILED! => {
>>> "changed": false,
>>> "invocation": {
>>> "module_args": {
>>> "path": "/tmp/",
>>> "prefix":
>>> "buildproject-Bk4mnluds1J6XoC28KyR0QzUgSVVpgSJBxQ7JlWf",
>>> "state": "directory",
>>> "suffix": ""
>>> }
>>> },
>>> "msg": "argument 1: RecursionError: maximum recursion depth exceeded"
>>> }
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/67c6896e-8cd1-455b-af11-280f666d2bfbn%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/ansible-project/67c6896e-8cd1-455b-af11-280f666d2bfbn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>>
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/14d47271-0e41-4499-919c-47667b87cd9dn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/14d47271-0e41-4499-919c-47667b87cd9dn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/27d776cd-70d3-42fa-96f1-93ed7497c88dn%40googlegroups.com.
