Re: [gentoo-portage-dev] [PATCH] portage.process.spawn: default close_fds=False (bug 648432)

Wed, 21 Feb 2018 19:20:04 -0800 

On 02/21/2018 04:06 PM, Brian Dolbec wrote:
> On Wed, 21 Feb 2018 15:27:43 -0800
> Zac Medico <zmed...@gentoo.org> wrote:
> 
>> For python3.4 and later, default to close_fds=False, since file
>> descriptors are non-inheritable by default due to PEP 446. This solves
>> a performance problem on systems like FreeBSD, where our get_open_fds
>> function returns all possible file descriptor values (including those
>> that are not open).
>>
>> Bug: https://bugs.gentoo.org/648432
>> See: https://www.python.org/dev/peps/pep-0446/
>> ---
>>  pym/portage/process.py | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/pym/portage/process.py b/pym/portage/process.py
>> index bc4efb5fe..4d96f156e 100644
>> --- a/pym/portage/process.py
>> +++ b/pym/portage/process.py
>> @@ -196,7 +196,8 @@ def cleanup():
>>  
>>  def spawn(mycommand, env={}, opt_name=None, fd_pipes=None,
>> returnpid=False, uid=None, gid=None, groups=None, umask=None,
>> logfile=None,
>> -          path_lookup=True, pre_exec=None, close_fds=True,
>> unshare_net=False,
>> +          path_lookup=True, pre_exec=None,
>> +          close_fds=(sys.version_info < (3, 4)), unshare_net=False,
>>            unshare_ipc=False, cgroup=None):
>>      """
>>      Spawns a given command.
>> @@ -228,7 +229,8 @@ def spawn(mycommand, env={}, opt_name=None,
>> fd_pipes=None, returnpid=False, @param pre_exec: A function to be
>> called with no arguments just prior to the exec call. @type pre_exec:
>> callable @param close_fds: If True, then close all file descriptors
>> except those
>> -            referenced by fd_pipes (default is True).
>> +            referenced by fd_pipes (default is True for
>> python3.3 and earlier, and False for
>> +            python3.4 and later due to non-inheritable file
>> descriptor behavior from PEP 446). @type close_fds: Boolean
>>      @param unshare_net: If True, networking will be unshared
>> from the spawned process @type unshare_net: Boolean
> 
> 
> looks harmless enough ;)

Yeah, my only concern is that emerge/ebuild might inherit some
troublesome file descriptors from the parent process, so PATCH 2/2 adds
a sanitize_fds() function for protection.
-- 
Thanks,
Zac

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to