Expose python libselinux bindings to tox envs

PR #1823 by @ssbarnea * Ensure python libselinux python bindings are installed Avoid awkward error during templating of Dockerfile which happens on SELinux enabled machines when Ansible template module fails due to missing SELinux bindings. By using sitepackages=true in tox.ini we inherit the libselinux bindings from the system when tox creates virtualenvs if they are installed system-wide. Work around ansible/ansible#34340 which happens even if SELinux is set to permissive. Document SELinux issues in the install documentation in order to inform users about what they could encounter. Fixes: #1724 Signed-off-by: Sorin Sbarnea <[email protected]>
ansible · Mar 14, 2019 · 12f925e · 12f925e
1 parent aa33f02
commit 12f925e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/bindep.txt b/bindep.txt
@@ -0,0 +1,2 @@
+libselinux-python [platform:redhat]
+python3-libselinux [platform:fedora]
diff --git a/doc/source/installation.rst b/doc/source/installation.rst
@@ -37,6 +37,13 @@ Pip
 
 :std:doc:`pip <pip:usage>` is the only supported installation method.
 
+Keep in mind that on selinux supporting systems, if you install into a virtual
+environment, you may face :gh:`issue <ansible/ansible/issues/34340>` even
+if selinux is not enabled or is configured to be permissive.
+
+It is your reponsability to assure that soft dependencies of Ansible are
+available on your controller or host machines.
+
 Requirements
 ------------
 

diff --git a/tox.ini b/tox.ini
@@ -41,6 +41,11 @@ commands =
     lint: yamllint -s test/ molecule/
 whitelist_externals =
     find
+# Enabling sitepackages is needed in order to avoid encountering exceptions
+# caused by missing selinux python bindinds in ansible modules like template.
+# Selinux python bindings are binary and they cannot be installed using pip
+# in virtualenvs. Details: https://github.com/ansible/molecule/issues/1724
+sitepackages = true
 
 [testenv:lint]
 deps =