From 48174fa0b949d6b1d0c1f074e7d4e47793759a43 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 16 Aug 2022 20:20:15 +0200 Subject: [PATCH] gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006) - On WASI `ENOTCAPABLE` is now mapped to `PermissionError`. - The `errno` modules exposes the new error number. - `getpath.py` now ignores `PermissionError` when it cannot open landmark files `pybuilddir.txt` and `pyenv.cfg`. --- Doc/library/errno.rst | 9 +++++++++ Doc/library/exceptions.rst | 7 ++++++- .../2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst | 4 ++++ Modules/errnomodule.c | 4 ++++ Modules/getpath.py | 6 +++--- Objects/exceptions.c | 5 +++++ 6 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst diff --git a/Doc/library/errno.rst b/Doc/library/errno.rst index 035340e256874f..da4e964ac3f0c9 100644 --- a/Doc/library/errno.rst +++ b/Doc/library/errno.rst @@ -657,3 +657,12 @@ defined by the module. The specific list of defined symbols is available as Interface output queue is full .. versionadded:: 3.11 + +.. data:: ENOTCAPABLE + + Capabilities insufficient. This error is mapped to the exception + :exc:`PermissionError`. + + .. availability:: WASI + + .. versionadded:: 3.11.1 diff --git a/Doc/library/exceptions.rst b/Doc/library/exceptions.rst index 2eccbd17c482c0..fc856277d67b2e 100644 --- a/Doc/library/exceptions.rst +++ b/Doc/library/exceptions.rst @@ -746,7 +746,12 @@ depending on the system error code. Raised when trying to run an operation without the adequate access rights - for example filesystem permissions. - Corresponds to :c:data:`errno` :py:data:`~errno.EACCES` and :py:data:`~errno.EPERM`. + Corresponds to :c:data:`errno` :py:data:`~errno.EACCES`, + :py:data:`~errno.EPERM`, and :py:data:`~errno.ENOTCAPABLE`. + + .. versionchanged:: 3.11.1 + WASI's :py:data:`~errno.ENOTCAPABLE` is now mapped to + :exc:`PermissionError`. .. exception:: ProcessLookupError diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst b/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst new file mode 100644 index 00000000000000..06e414bca0f9c0 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst @@ -0,0 +1,4 @@ +On WASI :data:`~errno.ENOTCAPABLE` is now mapped to :exc:`PermissionError`. +The :mod:`errno` modules exposes the new error number. ``getpath.py`` now +ignores :exc:`PermissionError` when it cannot open landmark files +``pybuilddir.txt`` and ``pyenv.cfg``. diff --git a/Modules/errnomodule.c b/Modules/errnomodule.c index 0516e7367050c2..4de4144520aa48 100644 --- a/Modules/errnomodule.c +++ b/Modules/errnomodule.c @@ -927,6 +927,10 @@ errno_exec(PyObject *module) #ifdef EQFULL add_errcode("EQFULL", EQFULL, "Interface output queue is full"); #endif +#ifdef ENOTCAPABLE + // WASI extension + add_errcode("ENOTCAPABLE", ENOTCAPABLE, "Capabilities insufficient"); +#endif Py_DECREF(error_dict); return 0; diff --git a/Modules/getpath.py b/Modules/getpath.py index a50313aea78b4f..e3558bc49e389f 100644 --- a/Modules/getpath.py +++ b/Modules/getpath.py @@ -351,11 +351,11 @@ def search_up(prefix, *landmarks, test=isfile): try: # Read pyvenv.cfg from one level above executable pyvenvcfg = readlines(joinpath(venv_prefix, VENV_LANDMARK)) - except FileNotFoundError: + except (FileNotFoundError, PermissionError): # Try the same directory as executable pyvenvcfg = readlines(joinpath(venv_prefix2, VENV_LANDMARK)) venv_prefix = venv_prefix2 - except FileNotFoundError: + except (FileNotFoundError, PermissionError): venv_prefix = None pyvenvcfg = [] @@ -475,7 +475,7 @@ def search_up(prefix, *landmarks, test=isfile): # File exists but is empty platstdlib_dir = real_executable_dir build_prefix = joinpath(real_executable_dir, VPATH) - except FileNotFoundError: + except (FileNotFoundError, PermissionError): if isfile(joinpath(real_executable_dir, BUILD_LANDMARK)): build_prefix = joinpath(real_executable_dir, VPATH) if os_name == 'nt': diff --git a/Objects/exceptions.c b/Objects/exceptions.c index c56886870d3c8d..3703fdcda4dbe9 100644 --- a/Objects/exceptions.c +++ b/Objects/exceptions.c @@ -3635,6 +3635,11 @@ _PyExc_InitState(PyInterpreterState *interp) ADD_ERRNO(InterruptedError, EINTR); ADD_ERRNO(PermissionError, EACCES); ADD_ERRNO(PermissionError, EPERM); +#ifdef ENOTCAPABLE + // Extension for WASI capability-based security. Process lacks + // capability to access a resource. + ADD_ERRNO(PermissionError, ENOTCAPABLE); +#endif ADD_ERRNO(ProcessLookupError, ESRCH); ADD_ERRNO(TimeoutError, ETIMEDOUT);