[Distutils] easy_install runnable in a sandbox environment?
Rick van der Zwet
info at rickvanderzwet.nl
Thu May 10 00:42:07 CEST 2012
I am having issues in running easy_install in a sandbox environment
(chroot with python2.7 under FreeBSD 9.0-RELASE, without /dev mount).
easy_install is sourcing tempfile, which requires /dev/urandom to be
present, as seen in the backtrace:
brahm# sh -x setuptools-0.6c11-py2.7.egg
+ basename setuptools-0.6c11-py2.7.egg
+ [ setuptools-0.6c11-py2.7.egg = setuptools-0.6c11-py2.7.egg ]
+ exec python2.7 -c 'import sys, os; sys.path.insert(0,
setuptools.command.easy_install import bootstrap;
Traceback (most recent call last):
File "<string>", line 1, in <module>
line 12, in <module>
File "/usr/local/lib/python2.7/tempfile.py", line 34, in <module>
from random import Random as _Random
File "/usr/local/lib/python2.7/random.py", line 881, in <module>
_inst = Random()
File "/usr/local/lib/python2.7/random.py", line 97, in __init__
File "/usr/local/lib/python2.7/random.py", line 111, in seed
a = long(_hexlify(_urandom(16)), 16)
OSError: [Errno 2] No such file or directory: '/dev/urandom'
Quite some time ago, their has been comments in the changelog (06.c4)
stating that running easy_install without /dev/urandom should be
Fixed not allowing os.open() of paths outside the sandbox, even if
they are opened read-only (e.g. reading /dev/urandom for random
numbers, as is done by os.urandom() on some platforms).
While this was back in 2006, I was wondering what the current state of
affairs which regards of requiring the /dev/urandom as of today? Am I
looking at a feature request, bug report or design limitation?
More information about the Distutils-SIG