Package: python3-openssl
Severity: normal
Dear Maintainer,
I cannot run any python utility that uses the openssl wrapper due to AVC denial.
----
time->Sun Nov 11 19:16:12 2018
type=PROCTITLE msg=audit(1541992572.485:6658):
proctitle=2F7573722F62696E2F707974686F6E33002F7573722F62696E2F636C69676800636F6E666967757265
type=SYSCALL msg=audit(1541992572.485:6658): arch=c000003e syscall=9 success=no
exit=-13 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=14505 pid=15696 auid=10008
uid=10008 gid=10000 euid=10008 suid=10008 fsuid=10008 egid=10000 sgid=10000
fsgid=10000 tty=pts6 ses=2 comm="cligh" exe="/usr/bin/python3.6"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1541992572.485:6658): avc: denied { execmem } for
pid=15696 comm="cligh"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
permissive=0
traceback running cligh (github client):
Traceback (most recent call last):
File "/usr/bin/cligh", line 45, in <module>
main()
File "/usr/bin/cligh", line 37, in main
config.do_configcmd()
File "/usr/lib/python3/dist-packages/cligh/config.py", line 79, in
do_configcmd
note_url='https://github.com/CMB/cligh')
File "/usr/lib/python3/dist-packages/github/AuthenticatedUser.py",
line 456, in creat
e_authorization
headers=request_header,
File "/usr/lib/python3/dist-packages/github/Requester.py", line 260,
in requestJsonAn
dCheck
return self.__check(*self.requestJson(verb, url, parameters, headers,
input, self._
_customConnection(url)))
File "/usr/lib/python3/dist-packages/github/Requester.py", line 317, in
requestJson return self.__requestEncode(cnx, verb, url, parameters,
headers, input, encode)
File "/usr/lib/python3/dist-packages/github/Requester.py", line 370, in
__requestEnco
de
status, responseHeaders, output = self.__requestRaw(cnx, verb, url,
requestHeaders,
encoded_input)
File "/usr/lib/python3/dist-packages/github/Requester.py", line 394, in
__requestRaw
response = cnx.getresponse()
File "/usr/lib/python3/dist-packages/github/Requester.py", line 107, in
getresponse
r = verb(url, headers=self.headers, data=self.input, timeout=self.timeout,
verify=self.verify)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 572, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 524, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 637, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in
urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in
_make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in
_validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 332, in
connect
cert_reqs=resolve_cert_reqs(self.cert_reqs),
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 281, in
create_urllib3_context
context.verify_mode = cert_reqs
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 412,
in verify_mode
_verify_callback
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1108, in set_verify
self._verify_helper = _VerifyHelper(callback)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 333, in __init__
"int (*)(int, X509_STORE_CTX *)", wrapper)
SystemError: <built-in method callback of CompiledFFI object at 0x7fd538c74130>
returned NULL without setting an error
-- System Information:
Debian Release: 9.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python3-openssl depends on:
ii python3 3.5.3-1
pn python3-cryptography <none>
ii python3-six 1.10.0-3
python3-openssl recommends no packages.
Versions of packages python3-openssl suggests:
pn python-openssl-doc <none>
pn python3-openssl-dbg <none>
