[Python-checkins] bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675)
Victor Stinner
webhook-mailer at python.org
Fri Nov 23 11:54:23 EST 2018
https://github.com/python/cpython/commit/9de363271519e0616f4a7b59427057c4810d3acc
commit: 9de363271519e0616f4a7b59427057c4810d3acc
branch: master
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2018-11-23T17:54:20+01:00
summary:
bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675)
The "-I" command line option (run Python in isolated mode) is now
also copied by the multiprocessing and distutils modules when
spawning child processes. Previously, only -E and -s options (enabled
by -I) were copied.
subprocess._args_from_interpreter_flags() now copies the -I flag.
files:
A Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
M Lib/subprocess.py
M Lib/test/test_support.py
diff --git a/Lib/subprocess.py b/Lib/subprocess.py
index 5db6f0cc24ba..696617697047 100644
--- a/Lib/subprocess.py
+++ b/Lib/subprocess.py
@@ -262,9 +262,7 @@ def _args_from_interpreter_flags():
# 'inspect': 'i',
# 'interactive': 'i',
'dont_write_bytecode': 'B',
- 'no_user_site': 's',
'no_site': 'S',
- 'ignore_environment': 'E',
'verbose': 'v',
'bytes_warning': 'b',
'quiet': 'q',
@@ -276,6 +274,14 @@ def _args_from_interpreter_flags():
if v > 0:
args.append('-' + opt * v)
+ if sys.flags.isolated:
+ args.append('-I')
+ else:
+ if sys.flags.ignore_environment:
+ args.append('-E')
+ if sys.flags.no_user_site:
+ args.append('-s')
+
# -W options
warnopts = sys.warnoptions[:]
bytes_warning = sys.flags.bytes_warning
diff --git a/Lib/test/test_support.py b/Lib/test/test_support.py
index 171e28aaa802..4a8f3c581872 100644
--- a/Lib/test/test_support.py
+++ b/Lib/test/test_support.py
@@ -456,7 +456,7 @@ def test_reap_children(self):
# pending child process
support.reap_children()
- def check_options(self, args, func):
+ def check_options(self, args, func, expected=None):
code = f'from test.support import {func}; print(repr({func}()))'
cmd = [sys.executable, *args, '-c', code]
env = {key: value for key, value in os.environ.items()
@@ -466,7 +466,9 @@ def check_options(self, args, func):
stderr=subprocess.DEVNULL,
universal_newlines=True,
env=env)
- self.assertEqual(proc.stdout.rstrip(), repr(args))
+ if expected is None:
+ expected = args
+ self.assertEqual(proc.stdout.rstrip(), repr(expected))
self.assertEqual(proc.returncode, 0)
def test_args_from_interpreter_flags(self):
@@ -482,6 +484,7 @@ def test_args_from_interpreter_flags(self):
['-v'],
['-b'],
['-q'],
+ ['-I'],
# same option multiple times
['-bb'],
['-vvv'],
@@ -500,6 +503,9 @@ def test_args_from_interpreter_flags(self):
with self.subTest(opts=opts):
self.check_options(opts, 'args_from_interpreter_flags')
+ self.check_options(['-I', '-E', '-s'], 'args_from_interpreter_flags',
+ ['-I'])
+
def test_optim_args_from_interpreter_flags(self):
# Test test.support.optim_args_from_interpreter_flags()
for opts in (
diff --git a/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst b/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
new file mode 100644
index 000000000000..860404f019d2
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
@@ -0,0 +1,4 @@
+The :option:`-I` command line option (run Python in isolated mode) is now
+also copied by the :mod:`multiprocessing` and :mod:`distutils` modules when
+spawning child processes. Previously, only :option:`-E` and :option:`-s` options
+(enabled by :option:`-I`) were copied.
More information about the Python-checkins
mailing list