[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters #84633

vstinner · 2020-04-30T20:00:57Z

BPO	40453
Nosy	@warsaw, @vstinner, @ericsnowcurrently, @corona10
PRs	bpo-40453: Add PyConfig._isolated_subinterpreter #19820

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2021-09-21.20:05:07.654>
created_at = <Date 2020-04-30.20:00:57.100>
labels = ['expert-subinterpreters', '3.9']
title = '[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters'
updated_at = <Date 2021-09-21.20:05:07.653>
user = 'https://github.com/vstinner'

bugs.python.org fields:

activity = <Date 2021-09-21.20:05:07.653>
actor = 'vstinner'
assignee = 'none'
closed = True
closed_date = <Date 2021-09-21.20:05:07.654>
closer = 'vstinner'
components = ['Subinterpreters']
creation = <Date 2020-04-30.20:00:57.100>
creator = 'vstinner'
dependencies = []
files = []
hgrepos = []
issue_num = 40453
keywords = ['patch']
message_count = 3.0
messages = ['367778', '367830', '367831']
nosy_count = 4.0
nosy_names = ['barry', 'vstinner', 'eric.snow', 'corona10']
pr_nums = ['19820']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue40453'
versions = ['Python 3.9']

vstinner · 2020-04-30T20:00:57Z

I propose to add PyConfig._isolated_interpreter configuration parameter to disallow threads, subprocesses and fork in a subinterpreter.

_xxsubinterpreter.create() gets a new keyword-only isolated=True parameter to opt-in for not isolated mode, which is the current behavior of Py_NewInterpreter(). For example, mod_wsgi would continue to run in "non isolated" mode.

Attached PR implements this change. With the change, os.fork() is allowed again in "non isolated" subinterpreters (like mod_wsgi). os.fork() was disallowed in subinterpreters in Python 3.8, but subprocess was still allowed.

vstinner · 2020-05-01T09:33:52Z

New changeset 252346a by Victor Stinner in branch 'master':
bpo-40453: Add PyConfig._isolated_subinterpreter (GH-19820)
252346a

vstinner · 2020-05-01T09:34:44Z

TODO

check that spawning a thread is blocked in isolated subinterpreter
block loading C extensions which don't implement PEP-489 in isolated subinterpreter

(see #19820 comments)

vstinner added interpreter-core (Objects, Python, Grammar, and Parser dirs) 3.9 only security fixes labels Apr 30, 2020

vstinner added topic-subinterpreters and removed interpreter-core (Objects, Python, Grammar, and Parser dirs) labels May 15, 2020

vstinner changed the title ~~Add PyConfig._isolated_interpreter: isolated subinterpreters~~ [subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters May 15, 2020

vstinner added topic-subinterpreters and removed interpreter-core (Objects, Python, Grammar, and Parser dirs) labels May 15, 2020

vstinner changed the title ~~Add PyConfig._isolated_interpreter: isolated subinterpreters~~ [subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters May 15, 2020

vstinner closed this as completed Sep 21, 2021

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters #84633

[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters #84633

vstinner commented Apr 30, 2020

vstinner commented Apr 30, 2020

vstinner commented May 1, 2020

vstinner commented May 1, 2020

[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters #84633

[subinterpreters] Add PyConfig._isolated_interpreter: isolated subinterpreters #84633

Comments

vstinner commented Apr 30, 2020

vstinner commented Apr 30, 2020

vstinner commented May 1, 2020

vstinner commented May 1, 2020