Mailing List Archive

gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006)
https://github.com/python/cpython/commit/48174fa0b949d6b1d0c1f074e7d4e47793759a43
commit: 48174fa0b949d6b1d0c1f074e7d4e47793759a43
branch: main
author: Christian Heimes <christian@python.org>
committer: tiran <christian@python.org>
date: 2022-08-16T20:20:15+02:00
summary:

gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006)

- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
files `pybuilddir.txt` and `pyenv.cfg`.

files:
A Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst
M Doc/library/errno.rst
M Doc/library/exceptions.rst
M Modules/errnomodule.c
M Modules/getpath.py
M Objects/exceptions.c

diff --git a/Doc/library/errno.rst b/Doc/library/errno.rst
index 035340e25687..da4e964ac3f0 100644
--- a/Doc/library/errno.rst
+++ b/Doc/library/errno.rst
@@ -657,3 +657,12 @@ defined by the module. The specific list of defined symbols is available as
Interface output queue is full

.. versionadded:: 3.11
+
+.. data:: ENOTCAPABLE
+
+ Capabilities insufficient. This error is mapped to the exception
+ :exc:`PermissionError`.
+
+ .. availability:: WASI
+
+ .. versionadded:: 3.11.1
diff --git a/Doc/library/exceptions.rst b/Doc/library/exceptions.rst
index 2eccbd17c482..fc856277d67b 100644
--- a/Doc/library/exceptions.rst
+++ b/Doc/library/exceptions.rst
@@ -746,7 +746,12 @@ depending on the system error code.

Raised when trying to run an operation without the adequate access
rights - for example filesystem permissions.
- Corresponds to :c:data:`errno` :py:data:`~errno.EACCES` and :py:data:`~errno.EPERM`.
+ Corresponds to :c:data:`errno` :py:data:`~errno.EACCES`,
+ :py:data:`~errno.EPERM`, and :py:data:`~errno.ENOTCAPABLE`.
+
+ .. versionchanged:: 3.11.1
+ WASI's :py:data:`~errno.ENOTCAPABLE` is now mapped to
+ :exc:`PermissionError`.

.. exception:: ProcessLookupError

diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst
new file mode 100644
index 000000000000..06e414bca0f9
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst
@@ -0,0 +1,4 @@
+On WASI :data:`~errno.ENOTCAPABLE` is now mapped to :exc:`PermissionError`.
+The :mod:`errno` modules exposes the new error number. ``getpath.py`` now
+ignores :exc:`PermissionError` when it cannot open landmark files
+``pybuilddir.txt`` and ``pyenv.cfg``.
diff --git a/Modules/errnomodule.c b/Modules/errnomodule.c
index 0516e7367050..4de4144520aa 100644
--- a/Modules/errnomodule.c
+++ b/Modules/errnomodule.c
@@ -927,6 +927,10 @@ errno_exec(PyObject *module)
#ifdef EQFULL
add_errcode("EQFULL", EQFULL, "Interface output queue is full");
#endif
+#ifdef ENOTCAPABLE
+ // WASI extension
+ add_errcode("ENOTCAPABLE", ENOTCAPABLE, "Capabilities insufficient");
+#endif

Py_DECREF(error_dict);
return 0;
diff --git a/Modules/getpath.py b/Modules/getpath.py
index a50313aea78b..e3558bc49e38 100644
--- a/Modules/getpath.py
+++ b/Modules/getpath.py
@@ -351,11 +351,11 @@ def search_up(prefix, *landmarks, test=isfile):
try:
# Read pyvenv.cfg from one level above executable
pyvenvcfg = readlines(joinpath(venv_prefix, VENV_LANDMARK))
- except FileNotFoundError:
+ except (FileNotFoundError, PermissionError):
# Try the same directory as executable
pyvenvcfg = readlines(joinpath(venv_prefix2, VENV_LANDMARK))
venv_prefix = venv_prefix2
- except FileNotFoundError:
+ except (FileNotFoundError, PermissionError):
venv_prefix = None
pyvenvcfg = []

@@ -475,7 +475,7 @@ def search_up(prefix, *landmarks, test=isfile):
# File exists but is empty
platstdlib_dir = real_executable_dir
build_prefix = joinpath(real_executable_dir, VPATH)
- except FileNotFoundError:
+ except (FileNotFoundError, PermissionError):
if isfile(joinpath(real_executable_dir, BUILD_LANDMARK)):
build_prefix = joinpath(real_executable_dir, VPATH)
if os_name == 'nt':
diff --git a/Objects/exceptions.c b/Objects/exceptions.c
index c56886870d3c..3703fdcda4db 100644
--- a/Objects/exceptions.c
+++ b/Objects/exceptions.c
@@ -3635,6 +3635,11 @@ _PyExc_InitState(PyInterpreterState *interp)
ADD_ERRNO(InterruptedError, EINTR);
ADD_ERRNO(PermissionError, EACCES);
ADD_ERRNO(PermissionError, EPERM);
+#ifdef ENOTCAPABLE
+ // Extension for WASI capability-based security. Process lacks
+ // capability to access a resource.
+ ADD_ERRNO(PermissionError, ENOTCAPABLE);
+#endif
ADD_ERRNO(ProcessLookupError, ESRCH);
ADD_ERRNO(TimeoutError, ETIMEDOUT);


_______________________________________________
Python-checkins mailing list
Python-checkins@python.org
https://mail.python.org/mailman/listinfo/python-checkins