codecs in a chroot / without fs access

Philipp Hagemeister phihag at
Mon Jan 9 19:41:04 EST 2012

I want to forbid my application to access the filesystem. The easiest
way seems to be chrooting and droping privileges. However, surprisingly,
python loads the codecs from the filesystem on-demand, which makes my
program crash:

>>> import os
>>> os.getuid()
>>> os.chroot('/tmp')
>>> ''.decode('raw-unicode-escape')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

(Interestingly, Python goes looking for the literal file "<stdin>" in
sys.path. Wonder what happens if I touch

Is there a neat way to solve this problem, i.e. have access to all
codecs in a chroot?

If not, I'd love to have a function codecs.preload_all() that does what
my workaround does:

import codecs,glob,os.path
encs = [os.path.splitext(os.path.basename(f))[0]
        for f in glob.glob('/usr/lib/python*/encodings/*.py')]
for e in encs:
  except LookupError:
    pass # or something

enumerate /usr/lib/python.*/encodings/*.py and call codecs.lookup for
every os.path.splitext(os.path.basename(filename))[0]

Dou you see any problem with this design?

- Philipp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Python-list mailing list