I want to forbid my application to access the filesystem. The easiest way seems to be chrooting and droping privileges. However, surprisingly, python loads the codecs from the filesystem on-demand, which makes my program crash:
>>> import os >>> os.getuid() 0 >>> os.chroot('/tmp') >>> ''.decode('raw-unicode-escape') Traceback (most recent call last): File "<stdin>", line 1, in <module> (Interestingly, Python goes looking for the literal file "<stdin>" in sys.path. Wonder what happens if I touch /usr/lib/python2.7/dist-packages/<stdin>). Is there a neat way to solve this problem, i.e. have access to all codecs in a chroot? If not, I'd love to have a function codecs.preload_all() that does what my workaround does: import codecs,glob,os.path encs = [os.path.splitext(os.path.basename(f))[0] for f in glob.glob('/usr/lib/python*/encodings/*.py')] for e in encs: try: codecs.lookup(e) except LookupError: pass # __init__.py or something enumerate /usr/lib/python.*/encodings/*.py and call codecs.lookup for every os.path.splitext(os.path.basename(filename))[0] Dou you see any problem with this design? - Philipp
signature.asc
Description: OpenPGP digital signature
-- http://mail.python.org/mailman/listinfo/python-list