This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Leif Middelschulte, christian.heimes
Date 2019-11-22.07:53:54
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1574409235.2.0.675993242198.issue38893@roundup.psfhosted.org>
In-reply-to
Content 
From the Github bug:

copy2() fails while copying extended attributes.

# python3
Python 3.7.4 (default, Aug 12 2019, 14:45:07) 
[GCC 9.1.1 20190605 (Red Hat 9.1.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import shutil
>>> shutil.copy2('/tmp/some_file', '/relabel_bug/failure')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.7/shutil.py", line 267, in copy2
    copystat(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib64/python3.7/shutil.py", line 209, in copystat
    _copyxattr(src, dst, follow_symlinks=follow)
  File "/usr/lib64/python3.7/shutil.py", line 165, in _copyxattr
    os.setxattr(dst, name, value, follow_symlinks=follow_symlinks)
PermissionError: [Errno 13] Permission denied: '/relabel_bug/failure'

The setxattr() fail is blocked SELinux:
type=AVC msg=audit(1573815617.682:1332): avc:  denied  { relabelto } for  pid=3157530 comm="python3" name="failure" dev="loop1" ino=12 scontext=system_u:system_r:container_t:s0:c552,c859 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=0


Could you please provide name and value of the setxattr() call? I bet it's trying to setxattr 'security.selinux' extended file attribute.
History
Date User Action Args
2019-11-22 07:53:55christian.heimessetrecipients: + christian.heimes, Leif Middelschulte
2019-11-22 07:53:55christian.heimessetmessageid: <1574409235.2.0.675993242198.issue38893@roundup.psfhosted.org>
2019-11-22 07:53:55christian.heimeslinkissue38893 messages
2019-11-22 07:53:54christian.heimescreate