[Python-checkins] bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675)
Miss Islington (bot)
webhook-mailer at python.org
Fri Nov 23 12:13:36 EST 2018
https://github.com/python/cpython/commit/01e579949ab546cd4cdd0d6d18e3ef41ce94f46e
commit: 01e579949ab546cd4cdd0d6d18e3ef41ce94f46e
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-11-23T09:13:32-08:00
summary:
bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675)
The "-I" command line option (run Python in isolated mode) is now
also copied by the multiprocessing and distutils modules when
spawning child processes. Previously, only -E and -s options (enabled
by -I) were copied.
subprocess._args_from_interpreter_flags() now copies the -I flag.
(cherry picked from commit 9de363271519e0616f4a7b59427057c4810d3acc)
Co-authored-by: Victor Stinner <vstinner at redhat.com>
files:
A Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
M Lib/subprocess.py
M Lib/test/test_support.py
diff --git a/Lib/subprocess.py b/Lib/subprocess.py
index 00844bce229a..3c1abb74c26d 100644
--- a/Lib/subprocess.py
+++ b/Lib/subprocess.py
@@ -261,9 +261,7 @@ def _args_from_interpreter_flags():
# 'inspect': 'i',
# 'interactive': 'i',
'dont_write_bytecode': 'B',
- 'no_user_site': 's',
'no_site': 'S',
- 'ignore_environment': 'E',
'verbose': 'v',
'bytes_warning': 'b',
'quiet': 'q',
@@ -275,6 +273,14 @@ def _args_from_interpreter_flags():
if v > 0:
args.append('-' + opt * v)
+ if sys.flags.isolated:
+ args.append('-I')
+ else:
+ if sys.flags.ignore_environment:
+ args.append('-E')
+ if sys.flags.no_user_site:
+ args.append('-s')
+
# -W options
warnopts = sys.warnoptions[:]
bytes_warning = sys.flags.bytes_warning
diff --git a/Lib/test/test_support.py b/Lib/test/test_support.py
index 7870e940a46e..e29846efe554 100644
--- a/Lib/test/test_support.py
+++ b/Lib/test/test_support.py
@@ -456,7 +456,7 @@ def test_reap_children(self):
# pending child process
support.reap_children()
- def check_options(self, args, func):
+ def check_options(self, args, func, expected=None):
code = f'from test.support import {func}; print(repr({func}()))'
cmd = [sys.executable, *args, '-c', code]
env = {key: value for key, value in os.environ.items()
@@ -466,7 +466,9 @@ def check_options(self, args, func):
stderr=subprocess.DEVNULL,
universal_newlines=True,
env=env)
- self.assertEqual(proc.stdout.rstrip(), repr(args))
+ if expected is None:
+ expected = args
+ self.assertEqual(proc.stdout.rstrip(), repr(expected))
self.assertEqual(proc.returncode, 0)
def test_args_from_interpreter_flags(self):
@@ -482,6 +484,7 @@ def test_args_from_interpreter_flags(self):
['-v'],
['-b'],
['-q'],
+ ['-I'],
# same option multiple times
['-bb'],
['-vvv'],
@@ -500,6 +503,9 @@ def test_args_from_interpreter_flags(self):
with self.subTest(opts=opts):
self.check_options(opts, 'args_from_interpreter_flags')
+ self.check_options(['-I', '-E', '-s'], 'args_from_interpreter_flags',
+ ['-I'])
+
def test_optim_args_from_interpreter_flags(self):
# Test test.support.optim_args_from_interpreter_flags()
for opts in (
diff --git a/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst b/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
new file mode 100644
index 000000000000..860404f019d2
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst
@@ -0,0 +1,4 @@
+The :option:`-I` command line option (run Python in isolated mode) is now
+also copied by the :mod:`multiprocessing` and :mod:`distutils` modules when
+spawning child processes. Previously, only :option:`-E` and :option:`-s` options
+(enabled by :option:`-I`) were copied.
More information about the Python-checkins
mailing list