{"id":4759,"library":"selinux","title":"SELinux Python Bindings (Shim)","description":"The `selinux` library for Python provides a shim for interacting with the system's SELinux module. It allows Python applications to query SELinux status, manage security contexts, and perform other SELinux-related operations. It primarily acts as a wrapper around the system's native `_selinux` module, which is typically provided by the `libselinux-python` package on Linux distributions. The current version is 0.3.0, with an active release cadence driven by contributions.","status":"active","version":"0.3.0","language":"en","source_language":"en","source_url":"https://github.com/pycontribs/selinux","tags":["security","selinux","linux","system-management"],"install":[{"cmd":"pip install selinux","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"selinux","correct":"import selinux"}],"quickstart":{"code":"import selinux\n\nif selinux.is_selinux_enabled():\n    # Enabled does not imply enforcing, so report the mode separately.\n    print(\"SELinux is enabled.\")\n    print(f\"Current SELinux mode: {'Enforcing' if selinux.security_getenforce() == 1 else 'Permissive'}\")\n    print(f\"SELinux policy version: {selinux.security_getpolicyvers()}\")\nelse:\n    print(\"SELinux is not enabled on this system or the module is not fully functional.\")","lang":"python","description":"This quickstart demonstrates how to import the `selinux` module and check if SELinux is enabled on the system, along with its current enforcement status and policy version. This code will gracefully handle systems where SELinux is not active."},"warnings":[{"fix":"Upgrade your Python environment to 3.9 or newer, or pin your `selinux` dependency to `<0.3.0` if maintaining an older Python version.","message":"Version 0.3.0 changed the minimum Python requirement to 3.9. Projects using Python 3.8 or older will encounter installation errors or runtime issues.","severity":"breaking","affected_versions":">=0.3.0"},{"fix":"Ensure your system has SELinux enabled and the `libselinux-python` (or equivalent) package installed via your OS package manager (e.g., `dnf install libselinux-python` on RHEL/CentOS, `apt install python3-selinux` on Debian/Ubuntu, though the latter might be for a different package).","message":"This `selinux` package from PyPI is a shim/wrapper for the system-level `_selinux` module. It does NOT install SELinux functionality or the necessary underlying C libraries (`libselinux`) or their Python bindings (`libselinux-python`). If these are not already present and configured on your operating system, the module's functionality will be severely limited or unavailable.","severity":"gotcha","affected_versions":"all"},{"fix":"Run your Python script with appropriate privileges if it needs to perform privileged SELinux operations. Always follow the principle of least privilege.","message":"Many SELinux operations, especially those that modify policy or contexts, require elevated privileges (e.g., root) or specific SELinux capabilities. Running such functions without the necessary permissions will result in `PermissionError` or other runtime exceptions.","severity":"gotcha","affected_versions":"all"},{"fix":"Always explicitly check `selinux.is_selinux_enabled()` before attempting core SELinux operations. Implement robust error handling for functions that interact with SELinux.","message":"While v0.2.0 introduced changes to 'Avoid errors on non-selinux platforms', some functions might still raise errors or return misleading values if SELinux is disabled or the system's `_selinux` module is not correctly loaded. Always check `selinux.is_selinux_enabled()` first.","severity":"gotcha","affected_versions":"<0.2.0 and potentially all"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}