gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006)

- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`. - The `errno` modules exposes the new error number. - `getpath.py` now ignores `PermissionError` when it cannot open landmark files `pybuilddir.txt` and `pyenv.cfg`.
2024-09-05 08:17:45 +00:00 · 2022-08-16 20:20:15 +02:00 · 2022-08-16 20:20:15 +02:00 · 48174fa0b9
parent f215d7cac9
commit 48174fa0b9
6 changed files with 31 additions and 4 deletions
--- a/Doc/library/errno.rst
+++ b/Doc/library/errno.rst
@ -657,3 +657,12 @@ defined by the module.  The specific list of defined symbols is available as
   Interface output queue is full

   .. versionadded:: 3.11
+
+.. data:: ENOTCAPABLE
+
+   Capabilities insufficient. This error is mapped to the exception
+   :exc:`PermissionError`.
+
+   .. availability:: WASI
+
+   .. versionadded:: 3.11.1
--- a/Doc/library/exceptions.rst
+++ b/Doc/library/exceptions.rst
@ -746,7 +746,12 @@ depending on the system error code.

   Raised when trying to run an operation without the adequate access
   rights - for example filesystem permissions.
-   Corresponds to :c:data:`errno` :py:data:`~errno.EACCES` and :py:data:`~errno.EPERM`.
+   Corresponds to :c:data:`errno` :py:data:`~errno.EACCES`,
+   :py:data:`~errno.EPERM`, and :py:data:`~errno.ENOTCAPABLE`.
+
+   .. versionchanged:: 3.11.1
+      WASI's :py:data:`~errno.ENOTCAPABLE` is now mapped to
+      :exc:`PermissionError`.

 .. exception:: ProcessLookupError

--- a/Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst
+++ b/Builtins/2022-08-15-21-08-11.gh-issue-96005.6eoc8k.rst
@ -0,0 +1,4 @@
+On WASI :data:`~errno.ENOTCAPABLE` is now mapped to :exc:`PermissionError`.
+The :mod:`errno` modules exposes the new error number. ``getpath.py`` now
+ignores :exc:`PermissionError` when it cannot open landmark files
+``pybuilddir.txt`` and ``pyenv.cfg``.
--- a/Modules/errnomodule.c
+++ b/Modules/errnomodule.c
@ -927,6 +927,10 @@ errno_exec(PyObject *module)
 #ifdef EQFULL
    add_errcode("EQFULL", EQFULL, "Interface output queue is full");
 #endif
+#ifdef ENOTCAPABLE
+    // WASI extension
+    add_errcode("ENOTCAPABLE", ENOTCAPABLE, "Capabilities insufficient");
+#endif

    Py_DECREF(error_dict);
    return 0;
--- a/Modules/getpath.py
+++ b/Modules/getpath.py
@ -351,11 +351,11 @@ def search_up(prefix, *landmarks, test=isfile):
        try:
            # Read pyvenv.cfg from one level above executable
            pyvenvcfg = readlines(joinpath(venv_prefix, VENV_LANDMARK))
-        except FileNotFoundError:
+        except (FileNotFoundError, PermissionError):
            # Try the same directory as executable
            pyvenvcfg = readlines(joinpath(venv_prefix2, VENV_LANDMARK))
            venv_prefix = venv_prefix2
-    except FileNotFoundError:
+    except (FileNotFoundError, PermissionError):
        venv_prefix = None
        pyvenvcfg = []

@ -475,7 +475,7 @@ def search_up(prefix, *landmarks, test=isfile):
        # File exists but is empty
        platstdlib_dir = real_executable_dir
        build_prefix = joinpath(real_executable_dir, VPATH)
-    except FileNotFoundError:
+    except (FileNotFoundError, PermissionError):
        if isfile(joinpath(real_executable_dir, BUILD_LANDMARK)):
            build_prefix = joinpath(real_executable_dir, VPATH)
            if os_name == 'nt':
--- a/Objects/exceptions.c
+++ b/Objects/exceptions.c
@ -3635,6 +3635,11 @@ _PyExc_InitState(PyInterpreterState *interp)
    ADD_ERRNO(InterruptedError, EINTR);
    ADD_ERRNO(PermissionError, EACCES);
    ADD_ERRNO(PermissionError, EPERM);
+#ifdef ENOTCAPABLE
+    // Extension for WASI capability-based security. Process lacks
+    // capability to access a resource.
+    ADD_ERRNO(PermissionError, ENOTCAPABLE);
+#endif
    ADD_ERRNO(ProcessLookupError, ESRCH);
    ADD_ERRNO(TimeoutError, ETIMEDOUT);