This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: chroot-ing breaks encodings.idna
Type: Stage:
Components: Library (Lib) Versions: Python 3.1
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: georg.brandl, ulidtko
Priority: normal Keywords:

Created on 2011-01-08 07:02 by ulidtko, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (4)
msg125756 - (view) Author: (ulidtko) Date: 2011-01-08 07:02
Consider the following test script:

import os
import urllib.request

os.chroot("/tmp")

urllib.request.urlopen("http://localhost")


When executed with enough privileges, the script terminates with the following traceback:

Traceback (most recent call last):
  File "./test.py", line 8, in <module>
    urllib.request.urlopen("http://localhost")
  File "/usr/lib/python3.1/urllib/request.py", line 121, in urlopen
  File "/usr/lib/python3.1/urllib/request.py", line 350, in open
  File "/usr/lib/python3.1/urllib/request.py", line 368, in _open
  File "/usr/lib/python3.1/urllib/request.py", line 328, in _call_chain
  File "/usr/lib/python3.1/urllib/request.py", line 1110, in http_open
  File "/usr/lib/python3.1/urllib/request.py", line 1092, in do_open
  File "/usr/lib/python3.1/http/client.py", line 940, in request
  File "/usr/lib/python3.1/http/client.py", line 978, in _send_request
  File "/usr/lib/python3.1/http/client.py", line 936, in endheaders
  File "/usr/lib/python3.1/http/client.py", line 790, in _send_output
  File "/usr/lib/python3.1/http/client.py", line 731, in send
  File "/usr/lib/python3.1/http/client.py", line 713, in connect
  File "/usr/lib/python3.1/socket.py", line 320, in create_connection
LookupError: unknown encoding: idna

Without the os.chroot line it runs ok.


Furthermore, when importing encodings.idna explicitly and before chroot-ing, any hostname refuses to resolve at all.

Script:

import os
import urllib.request
import encodings.idna

os.chroot("/tmp")

urllib.request.urlopen("http://localhost")


now terminates with the following traceback:

Traceback (most recent call last):
  File "./test.py3", line 9, in <module>
    urllib.request.urlopen("http://localhost")
  File "/usr/lib/python3.1/urllib/request.py", line 121, in urlopen
  File "/usr/lib/python3.1/urllib/request.py", line 350, in open
  File "/usr/lib/python3.1/urllib/request.py", line 368, in _open
  File "/usr/lib/python3.1/urllib/request.py", line 328, in _call_chain
  File "/usr/lib/python3.1/urllib/request.py", line 1110, in http_open
  File "/usr/lib/python3.1/urllib/request.py", line 1095, in do_open
urllib.error.URLError: <urlopen error [Errno -2] Name or service not known>
msg125759 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2011-01-08 08:08
This is not a bug in Python: name resolution may not work in the chroot unless you add the libraries that are loaded on the fly by the libc.

It *may* also work if you make one name resolution (using socket.getaddressinfo for example) *before* chrooting.

To demonstrate that Python is not involved, you can reproduce the failure with the C program below.


#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>

int main() {
        int res;
        struct addrinfo *ai;

        if ((res = chroot("/tmp")) < 0) {
                printf("chroot failed with errno %d\n", -res);
        } else if ((res = getaddrinfo("google.de", "80", NULL, &ai)) < 0) {
                printf("getaddrinfo failed with errno %d: %s\n",
                       -res, gai_strerror(res));
        }
        return 0;
}
msg125762 - (view) Author: (ulidtko) Date: 2011-01-08 08:20
Can I perform a name resolution before chrooting, save the result and use it later for creating an instance of http.server.HTTPServer, as a workaround?
msg125764 - (view) Author: (ulidtko) Date: 2011-01-08 08:56
Ok, I can do it with socket.gethostbyname().

Thanks for clarifications.
History
Date User Action Args
2022-04-11 14:57:11adminsetgithub: 55074
2011-01-08 08:56:49ulidtkosetmessages: + msg125764
2011-01-08 08:20:44ulidtkosetmessages: + msg125762
2011-01-08 08:08:51georg.brandlsetstatus: open -> closed

nosy: + georg.brandl
messages: + msg125759

resolution: not a bug
2011-01-08 07:02:57ulidtkocreate