Skip to content

[WASI] getpath.py does not handle "Capabilities insufficient" (ENOTCAPABLE) #96005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tiran opened this issue Aug 15, 2022 · 3 comments
Closed

[WASI] getpath.py does not handle "Capabilities insufficient" (ENOTCAPABLE) #96005

tiran opened this issue Aug 15, 2022 · 3 comments
Assignees
@brettcannon @zooba
Labels
3.11 only security fixes 3.12 only security fixes OS-wasi type-bug An unexpected behavior, bug, or error

Comments

@tiran
Copy link
Member

tiran commented Aug 15, 2022

Bug report

WASI has a capability-based security concept. A process must have a valid handle to open a resource. For example WASI runtimes let processes only open files that are inside a directory tree for which the process owns a file descriptor. wasmtime implements this with openat2(2) with flags RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH. Any attempt to open a file outside results in OSError: [Errno 76] Capabilities insufficient (ENOTCAPABLE / __WASI_ERRNO_NOTCAPABLE).

getpath.py runs into the capability issue in several places when the module attempts to read from landmark files VENV_LANDMARK and BUILDDIR_TXT. On wasmtime the WASI process starts with CWD=/ (root). By default the process does not have capability to access /. Our tests currently work around the problem by mapping on the host SRCDIR to / inside the WASI environment. Without the mapping, Python startup fails with

Exception ignored error evaluating path:
Traceback (most recent call last):
  File "<frozen getpath>", line 353, in <module>
OSError: [Errno 76] Capabilities insufficient
Fatal Python error: error evaluating path
Python runtime state: core initialized

Your environment

wasm32-wasi

Fix proposal

  • expose ENOTCAPABLE in errno module
  • map ENOTCAPABLE to PermissionError. Insufficient capabilities is a sort of permission problem.
  • catch PermissionError additionally to FileNotFoundError at places that read VENV_LANDMARK and BUILDDIR_TXT
@tiran tiran added type-bug An unexpected behavior, bug, or error 3.11 only security fixes 3.12 only security fixes labels Aug 15, 2022
tiran added a commit to tiran/cpython that referenced this issue Aug 15, 2022
@tiran
pythongh-96005: Handle WASI ENOTCAPABLE in getpath
86c6042 
- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
  files `pybuilddir.txt` and `pyenv.cfg`.
@bedevere-bot bedevere-bot mentioned this issue Aug 15, 2022
Merged
@brettcannon
Copy link
Member

SGTM!

tiran added a commit that referenced this issue Aug 16, 2022
@tiran
gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006)
48174fa 
- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
  files `pybuilddir.txt` and `pyenv.cfg`.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 16, 2022
@tiran @miss-islington
pythongh-96005: Handle WASI ENOTCAPABLE in getpath (pythonGH-96006)
d4ff6ff 
- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
  files `pybuilddir.txt` and `pyenv.cfg`.
(cherry picked from commit 48174fa)

Co-authored-by: Christian Heimes <[email protected]>
@bedevere-bot bedevere-bot mentioned this issue Aug 16, 2022
Closed
tiran added a commit to tiran/cpython that referenced this issue Aug 16, 2022
@tiran
pythongh-96005: FreeBSD has ENOTCAPABLE, too
0e36363
@bedevere-bot bedevere-bot mentioned this issue Aug 16, 2022
Merged
tiran added a commit that referenced this issue Aug 17, 2022
@tiran
gh-96005: FreeBSD has ENOTCAPABLE, too (GH-96034)
da0aa51
tiran added a commit to tiran/cpython that referenced this issue Aug 17, 2022
@tiran
pythongh-96005: FreeBSD has ENOTCAPABLE, too (pythonGH-96034)
5f4adff
@bedevere-bot bedevere-bot mentioned this issue Aug 17, 2022
Merged
tiran added a commit that referenced this issue Sep 13, 2022
@tiran
[3.11] gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006) (GH-96034
bc337a7 
) (GH-96038)

- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
  files `pybuilddir.txt` and `pyenv.cfg`.
@brettcannon
Copy link
Member

Can this issue be closed, or is there something still to do?

@brettcannon
Copy link
Member

@tiran all good to close this?

@tiran tiran closed this as completed Oct 22, 2022
@Yifei-yang7 Yifei-yang7 mentioned this issue Mar 5, 2023
Closed
@brettcannon brettcannon moved this from Todo to Done in WASI to tier 2 Jun 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brettcannon brettcannon

@zooba zooba

Labels
3.11 only security fixes 3.12 only security fixes OS-wasi type-bug An unexpected behavior, bug, or error
Projects
No open projects
WASI to tier 2
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brettcannon @tiran @zooba