On Mon, May 08, 2017 at 03:23:06PM -0400, Karl MacMillan wrote: > > > On May 7, 2017, at 5:39 AM, Dominick Grift <dac.override@xxxxxxxxx> wrote: > > > > On Sat, May 06, 2017 at 07:19:20PM +0200, Dominick Grift wrote: > >> On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote: > >>> On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote: > > [snip] > > >>>> > >>>> Nice! Unfornately i could not, which my limited capacity, get it to work. Here is what i tried: > >>>> > >>>> Fedora 26 (alpha): > >>>> sudo dnf install setools setools-console libselinux-python3 pandoc which > >>>> git clone https://github.com/quarcksecurity/span && cd span && pip3 install . --user > >>>> cd examples && jupyter-notebook > >>>> > >>>> As soon as i try to run any "cell" or do "restart kernel and run all cells" it throws stack traces about "ModuleNotFoundError" (import span as se" and "from sh import pandoc" > >>>> > >>>> All the stuff seems to be installed properly in ~/.local/lib/python3.6/site-packages, and the stack traces do refer to the proper paths suchs as for example: "/home/joe/.local/lib/python3.6/site-packages/span/domain_summary_to_word.py in <module> ()" > >>> > >>> I dont know exactly what the issue is but after installing the following from the fedora repository i seem to have it working: > >>> > >>> python3-pypandoc > >>> python3-pandocfilters > >>> python3-sh > >>> > >>> So i suspect the "from sh import pandoc" was the issue because sh was not in the python_requirements.txt, but even after adding it there it still did not work > >> > > I updated python_requirements.txt to include sh - thanks for that. > > >> The idea is nice, unfortunately its inflexible and it has hard-references to reference policy all-over. It has potential but it is still rough. > > > > > > Turns out that Fedora provides all the dependencies (some just have different names) > > > > I have created a Fedora SPAN.spec: > > > > https://github.com/DefenSec/selinux-rpm-spec/blob/master/SPAN.spec <https://github.com/DefenSec/selinux-rpm-spec/blob/master/SPAN.spec> > > > > > > Thanks for making the Fedora SPEC. > > I know it’s a topic of great debate, but there are some nice things about just sticking with the Python tools for dependency management for upstream. Mainly because it’s portable and helps get the latest versions (which is nice for fast moving projects like Jupyter notebook and Pandas). Yes it is pretty cool (pip) and this event actually prompted me to make pip work in my environment. However for me in this case it is really not an option. Its nice for simple python modules but python programs such as notebook need permissions that i do not associate will login users shells, and i dont support confining applications installed to $HOME. notebook needs permissions like execmem, needs network connectivity and a few other things that i do not allow my user login shells. So I have to make this work system-wide and I wanted the benefit of being able to manage/keep track off what i install system-wide > > Karl > > > >> > >>> > >>>> > >>>> -- > >>>> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > >>>> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > >>>> Dominick Grift > >>> > >>> > >>> > >>> -- > >>> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > >>> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > >>> Dominick Grift > >> > >> > >> > >> -- > >> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > >> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > >> Dominick Grift > > > > > > > > -- > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 <https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02> > > Dominick Grift > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
