On 02/21/2018 04:06 PM, Brian Dolbec wrote: > On Wed, 21 Feb 2018 15:27:43 -0800 > Zac Medico <zmed...@gentoo.org> wrote: > >> For python3.4 and later, default to close_fds=False, since file >> descriptors are non-inheritable by default due to PEP 446. This solves >> a performance problem on systems like FreeBSD, where our get_open_fds >> function returns all possible file descriptor values (including those >> that are not open). >> >> Bug: https://bugs.gentoo.org/648432 >> See: https://www.python.org/dev/peps/pep-0446/ >> --- >> pym/portage/process.py | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/pym/portage/process.py b/pym/portage/process.py >> index bc4efb5fe..4d96f156e 100644 >> --- a/pym/portage/process.py >> +++ b/pym/portage/process.py >> @@ -196,7 +196,8 @@ def cleanup(): >> >> def spawn(mycommand, env={}, opt_name=None, fd_pipes=None, >> returnpid=False, uid=None, gid=None, groups=None, umask=None, >> logfile=None, >> - path_lookup=True, pre_exec=None, close_fds=True, >> unshare_net=False, >> + path_lookup=True, pre_exec=None, >> + close_fds=(sys.version_info < (3, 4)), unshare_net=False, >> unshare_ipc=False, cgroup=None): >> """ >> Spawns a given command. >> @@ -228,7 +229,8 @@ def spawn(mycommand, env={}, opt_name=None, >> fd_pipes=None, returnpid=False, @param pre_exec: A function to be >> called with no arguments just prior to the exec call. @type pre_exec: >> callable @param close_fds: If True, then close all file descriptors >> except those >> - referenced by fd_pipes (default is True). >> + referenced by fd_pipes (default is True for >> python3.3 and earlier, and False for >> + python3.4 and later due to non-inheritable file >> descriptor behavior from PEP 446). @type close_fds: Boolean >> @param unshare_net: If True, networking will be unshared >> from the spawned process @type unshare_net: Boolean > > > looks harmless enough ;)
Yeah, my only concern is that emerge/ebuild might inherit some troublesome file descriptors from the parent process, so PATCH 2/2 adds a sanitize_fds() function for protection. -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature