Issue #101 resolved

SandboxViolation when opening os.devnull

Anonymous created an issue

Using Distribute 0.6.8, I get this error: {{{ ender:~ habnabit$ easy_install oursql Searching for oursql Reading http://pypi.python.org/simple/oursql/ Reading http://launchpad.net/oursql Best match: oursql 0.1 Downloading http://launchpad.net/oursql/trunk/0.1/+download/oursql-0.1.zip Processing oursql-0.1.zip Running oursql-0.1/setup.py -q bdist_egg --dist-dir /var/folders/vt/vtsTQLkkFNCqREdN+o2BqE+++TI/-Tmp-/easy_install-A9gfTI/oursql-0.1/egg-dist-tmp-CwfjXP error: Setup script exited with error: SandboxViolation: open('/dev/null', 'w') {}

The package setup script has attempted to modify files on your system that are not within the EasyInstall build area, and has been aborted.

This package cannot be safely installed by EasyInstall, and may not support alternate installation locations even if you run its setup script by hand. Please inform the package's author and the EasyInstall maintainers to find out if a fix or workaround is available. }}}

The setup.py script runs some subprocess calls and tries to set stdin and stderr to os.devnull. I would think that it would be fine to open os.devnull and not violate the sandbox.

Comments (6)

  1. Tarek Ziadé repo owner

    The setup.py script runs some subprocess calls and tries to set stdin and stderr to os.devnull. I would think that it would be fine to open os.devnull and not violate the sandbox.

    Looking at the code, this software uses "/dev/null" just to silent the output of the subprocess commands. I think it simpler to replace "open(os.devnull, 'w')" by a StringIO() instance in that case, to avoid any I/O.

  2. Anonymous

    subprocess.Popen can't take StringIO instances; it uses os.dup2 internally, which requires a fileno.

  3. Anonymous

    Yeah, ultimately I did change it to use PIPE, but the issue with doing that is it's possible to deadlock the entire process if the pipe's buffer fills up.

  4. Log in to comment