-
-
Notifications
You must be signed in to change notification settings - Fork 636
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix filesystem sandbox leaks in Python bootstrapping #16800
Comments
@tdyas raised the point that the latter approach (a docker-aware intrinsic), adds the requirement that there is a docker image which corresponds to any remote execution environment, and some environments might not use docker. Additionally the |
I'm working on this. |
Having got to the point where I'm actually looking at the code in |
(to be clear: I think pyenv and asdf should be local-only, and we should work on making the rules cacheable based on the contents of the relevant config files if possible.) |
Related: @chrisjrn and I decided that @chrisjrn, I think it is reasonable to not support But, we still would want code to detect when
I don't know the right behavior here. Note that we include |
@stuhood thoughts? |
Yea, fine with this. |
…hs (#17030) Previously, `PythonBootstrap` had a method that would calculate the expanded interpreter paths when they are first consumed. This change moves the calculation of those expanded interpreter paths to the initial creation of `PythonBootstrap`. Relatedly, a bunch of static methods defined on `PythonBootstrap` are now private functions at module scope. This is prework that will significantly improve the clarity of my next piece of work on `PythonBootstrap`, namely converting all of the various filesystem-dependent functions to `@rule`s. **None of the helper methods have been changed** Addresses #16800.
…valid settings (#17041) Per discussion in #16800, we're OK with using direct filesystem access to support pyenv support (and separately, asdf support) for local runtime environments only. This adds a preprocessing function that supports: * no-opping for local/undefined environments * handling the case where the search paths are unaltered from the default, by stripping out unsupported search paths * raising an exception with fixing instructions if unsupported search paths are requested for remote/docker environments n.b. `PythonBootstrap` is still incorrectly cached for pyenv users, and that will be addressed in one (hopefully) final PR.
This moves the path-specific options for `GolangSubsystem` into an `EnvironmentAware` block, and factors `cgo_tool_search_paths` into a property based on the new `depends_on_env_vars` functionality. Further, the `GoBootstrap` code is refactored to pre-compute the go search paths, saving a request to the uncacheable `asdf` rules if they are not necessary. Still todo -- erroring if `asdf` is used in a non-local environment. Unblocks work on #16800
Following discussion with @stuhood, it emerged that none of the filesystem-sensitive code in `python_bootstrap` is cache-correct, in that the functions that hit the filesystem were not marked `uncacheable`. This PR refactors `_expand_interpreter_search_paths` and `_get_pyenv_paths` into rules, marking `_get_pyenv_paths` as uncacheable. This reduces the footprint of the sandbox-unsafe code to just `_get_pyenv_paths`. It also reduces the scope of `AsdfToolPathsRequest`, and moves the point where it is requested to inside the path expansion rule, and only if `asdf` is actually requested. Closes #16800.
(blocked by #16754)
python_bootstrap.py
andasdf.py
are the two (known?) filesystem sandbox leaks due to using direct filesystem access (PATH
checks, essentially) to discover Python interpreters:pants/src/python/pants/core/util_rules/asdf.py
Lines 166 to 168 in 1fa5975
To resolve this, we might need to port the discovery of those paths to a
Process
(which could run inside of an image). And unfortunately, because they execute before we are sure that we have a python-interpreter available, possibly to either bash or native code (see some discussion here: #10769 (comment)).Alternatively, we might be able to implement and use #10842: the implication would be that unlike
Snapshots
/PathGlobs
in general, an "absolute path" based implementation would be environment specific, and could be implemented such that it did lookups inside a docker container.The text was updated successfully, but these errors were encountered: