This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author neologix
Recipients Christophe.Devriese, gregory.p.smith, nadeem.vawda, neologix
Date 2011-05-19.22:55:47
SpamBayes Score 3.56558e-11
Marked as misclassified No
Message-id <>
Hello Christophe,

First and foremost, I think that the FD_CLOEXEC approach is terminally broken, as it should have been the default in Unix. Now, we're stuck with this bad design.
But we can't simply change the default to FD_CLOEXEC, for two reasons:
- we can't silently change the Unix semantics
- this is going to break some applications: for example, FD inherited across exec is used by super servers such as inetd, and there are others very legitimate uses

>  in the class TCPServer
>  add the following 2 lines in __init__ after self.socket = socket( ...:
>    flags = fcntl.fcntl(self.socket, fcntl.F_GETFD)
>    fcntl.fcntl(self.socket, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)

There are at least two problems with this approach:
1) there's a race between the socket creation and the call to fcntl
2) accept doesn't necessarily inherit the FD_CLOEXEC flag

1) can be fixed on systems that support it through SOCK_CLOEXEC
2) can be fixed on systems that support it through accept4(), but it seems to break badly on some systems, see issue #10115

But I think this is a perfectly legitimate request, so one approach to tackle this problem could be:
- since accept4() seems to fail so badly in some configurations, the only portable and reliable choice left is probably to call accept() then fcntl(FD_CLOEXEC) (there's a race, but it's better than nothing). We might reconsider this syscall in a couple years when we're sure it's implemented correctly
- in the socketserver module, add a new set_socket_cloexec attribute to BaseServer, which would do the right thing (i.e. create the socket with SOCK_CLOEXEC if available, otherwise call fcntl(FD_CLOEXEC)), and in TCPServer, call fcntl(FD_CLOEXEC) after accept.

That way, this would at least fix the problem for people using the socketserver module. People using sockets directly of course have the option of using SOCK_CLOEXEC and fcntl(FD_CLOEXEC) explicitely in their code.

Gregory, any thoughts on this?
Date User Action Args
2011-05-19 22:55:48neologixsetrecipients: + neologix, gregory.p.smith, nadeem.vawda, Christophe.Devriese
2011-05-19 22:55:48neologixsetmessageid: <>
2011-05-19 22:55:48neologixlinkissue12107 messages
2011-05-19 22:55:47neologixcreate