Skip to content

PyPy 3.8 virtualenvs lost system isolation on Debian #2309

Closed
#2310
Closed
PyPy 3.8 virtualenvs lost system isolation on Debian#2309
#2310
Labels
bug
@stefanor

Description

@stefanor
stefanor
opened on Mar 5, 2022

Issue

Virtualenvs created with (Debian) PyPy 3.8 on Debian have lost system isolation.

root@evident-guppy:/tmp# testve/bin/python -c 'import sys; print(sys.path)'
['', '/usr/lib/pypy3.8', '/tmp/testve/lib/pypy3.8/site-packages', '/tmp/testve/lib/python3/dist-packages']
root@evident-guppy:/tmp# ls /tmp/testve/lib/python3/dist-packages
__pycache__		 pip-22.0.2.dist-info	       six.py
_distutils_hack		 pkg_resources		       virtualenv
distlib			 platformdirs		       virtualenv-20.13.0+ds.dist-info
distlib-0.3.4.egg-info	 platformdirs-2.5.1.dist-info  wheel
filelock		 setuptools		       wheel-0.37.1.egg-info
filelock-3.6.0.egg-info  setuptools-59.6.0.egg-info
pip			 six-1.16.0.egg-info
root@evident-guppy:/tmp# ls -l /tmp/testve/lib/python3
lrwxrwxrwx 1 root root 16 Mar  5 00:58 /tmp/testve/lib/python3 -> /usr/lib/python3
root@evident-guppy:/tmp# ls -l /tmp/testve/lib
total 148
lrwxrwxrwx 1 root root 12 Mar  5 00:58 apt -> /usr/lib/apt
lrwxrwxrwx 1 root root 20 Mar  5 00:58 bfd-plugins -> /usr/lib/bfd-plugins
lrwxrwxrwx 1 root root 17 Mar  5 00:58 binfmt.d -> /usr/lib/binfmt.d
lrwxrwxrwx 1 root root 18 Mar  5 00:58 compat-ld -> /usr/lib/compat-ld
lrwxrwxrwx 1 root root 12 Mar  5 00:58 cpp -> /usr/lib/cpp
lrwxrwxrwx 1 root root 17 Mar  5 00:58 dbus-1.0 -> /usr/lib/dbus-1.0
lrwxrwxrwx 1 root root 13 Mar  5 00:58 dpkg -> /usr/lib/dpkg
lrwxrwxrwx 1 root root 22 Mar  5 00:58 environment.d -> /usr/lib/environment.d
lrwxrwxrwx 1 root root 12 Mar  5 00:58 gcc -> /usr/lib/gcc
lrwxrwxrwx 1 root root 14 Mar  5 00:58 gnupg -> /usr/lib/gnupg
lrwxrwxrwx 1 root root 15 Mar  5 00:58 gnupg2 -> /usr/lib/gnupg2
lrwxrwxrwx 1 root root 16 Mar  5 00:58 gold-ld -> /usr/lib/gold-ld
lrwxrwxrwx 1 root root 17 Mar  5 00:58 ifupdown -> /usr/lib/ifupdown
lrwxrwxrwx 1 root root 13 Mar  5 00:58 init -> /usr/lib/init
lrwxrwxrwx 1 root root 15 Mar  5 00:58 kernel -> /usr/lib/kernel
lrwxrwxrwx 1 root root 15 Mar  5 00:58 locale -> /usr/lib/locale
lrwxrwxrwx 1 root root 12 Mar  5 00:58 lsb -> /usr/lib/lsb
lrwxrwxrwx 1 root root 13 Mar  5 00:58 mime -> /usr/lib/mime
lrwxrwxrwx 1 root root 19 Mar  5 00:58 modprobe.d -> /usr/lib/modprobe.d
lrwxrwxrwx 1 root root 23 Mar  5 00:58 modules-load.d -> /usr/lib/modules-load.d
lrwxrwxrwx 1 root root 16 Mar  5 00:58 openssh -> /usr/lib/openssh
lrwxrwxrwx 1 root root 19 Mar  5 00:58 os-release -> /usr/lib/os-release
lrwxrwxrwx 1 root root 14 Mar  5 00:58 pam.d -> /usr/lib/pam.d
lrwxrwxrwx 1 root root 14 Mar  5 00:58 pypy3 -> /usr/lib/pypy3
drwxr-xr-x 1 root root 26 Mar  5 00:58 pypy3.8
lrwxrwxrwx 1 root root 16 Mar  5 00:58 python3 -> /usr/lib/python3
lrwxrwxrwx 1 root root 19 Mar  5 00:58 python3.10 -> /usr/lib/python3.10
lrwxrwxrwx 1 root root 18 Mar  5 00:58 python3.9 -> /usr/lib/python3.9
lrwxrwxrwx 1 root root 14 Mar  5 00:58 sasl2 -> /usr/lib/sasl2
lrwxrwxrwx 1 root root 12 Mar  5 00:58 ssl -> /usr/lib/ssl
lrwxrwxrwx 1 root root 17 Mar  5 00:58 sysctl.d -> /usr/lib/sysctl.d
lrwxrwxrwx 1 root root 16 Mar  5 00:58 systemd -> /usr/lib/systemd
lrwxrwxrwx 1 root root 19 Mar  5 00:58 sysusers.d -> /usr/lib/sysusers.d
lrwxrwxrwx 1 root root 17 Mar  5 00:58 terminfo -> /usr/lib/terminfo
lrwxrwxrwx 1 root root 19 Mar  5 00:58 tmpfiles.d -> /usr/lib/tmpfiles.d
lrwxrwxrwx 1 root root 13 Mar  5 00:58 udev -> /usr/lib/udev
lrwxrwxrwx 1 root root 17 Mar  5 00:58 valgrind -> /usr/lib/valgrind
lrwxrwxrwx 1 root root 25 Mar  5 00:58 x86_64-linux-gnu -> /usr/lib/x86_64-linux-gnu

Debian patches site.py to add $PREFIX/lib/python3/dist-packages to the module path. Usually in a virtualenv this doesn't exist, giving us the isolation we desire. But by symlinking everything from /usr/* into lib in the virtualenv, we're making it exist.

Environment

Provide at least:

  • OS: Debian
  • pip list of the host python where virtualenv is installed:
Package      Version
------------ ----------
distlib      0.3.4
filelock     3.6.0
pip          22.0.2
platformdirs 2.5.1
setuptools   59.6.0
six          1.16.0
virtualenv   20.13.0+ds
wheel        0.37.1

Output of the virtual environment creation

Make sure to run the creation with -vvv --with-traceback:

# virtualenv -p pypy3 -vvv --with-traceback testve
120 setup logging to NOTSET [DEBUG report:39]
127 find interpreter for spec PythonSpec(implementation=pypy, major=3) [INFO builtin:62]
127 proposed PythonInfo(spec=CPython3.9.10.final.0-64, exe=/usr/bin/python3, platform=linux, version='3.9.10 (main, Feb 22 2022, 13:54:07) \n[GCC 11.2.0]', encoding_fs_io=utf-8-utf-8) [INFO builtin:69]
127 discover PATH[0]=/usr/local/sbin [DEBUG builtin:114]
128 filesystem is case-sensitive [DEBUG info:29]
128 discover PATH[1]=/usr/local/bin [DEBUG builtin:114]
128 discover PATH[2]=/usr/sbin [DEBUG builtin:114]
128 discover PATH[3]=/usr/bin [DEBUG builtin:114]
128 Attempting to acquire lock 139763564173584 on /root/.local/share/virtualenv/py_info/1/6492f50af86946bbd22a525338648088136db79bea86b549d61d5a1dea31d343.lock [DEBUG _api:169]
128 Lock 139763564173584 acquired on /root/.local/share/virtualenv/py_info/1/6492f50af86946bbd22a525338648088136db79bea86b549d61d5a1dea31d343.lock [DEBUG _api:173]
129 got python info of /usr/bin/pypy3 from /root/.local/share/virtualenv/py_info/1/6492f50af86946bbd22a525338648088136db79bea86b549d61d5a1dea31d343.json [DEBUG via_disk_folder:135]
130 Attempting to release lock 139763564173584 on /root/.local/share/virtualenv/py_info/1/6492f50af86946bbd22a525338648088136db79bea86b549d61d5a1dea31d343.lock [DEBUG _api:203]
130 Lock 139763564173584 released on /root/.local/share/virtualenv/py_info/1/6492f50af86946bbd22a525338648088136db79bea86b549d61d5a1dea31d343.lock [DEBUG _api:206]
130 proposed PathPythonInfo(spec=PyPy3.8.12.final.0-64, exe=/usr/bin/pypy3, platform=linux, version='3.8.12 (7.3.8+dfsg-2, Mar 03 2022, 01:25:50)\n[PyPy 7.3.8 with GCC 11.2.0]', encoding_fs_io=utf-8-UTF-8) [INFO builtin:69]
130 accepted PathPythonInfo(spec=PyPy3.8.12.final.0-64, exe=/usr/bin/pypy3, platform=linux, version='3.8.12 (7.3.8+dfsg-2, Mar 03 2022, 01:25:50)\n[PyPy 7.3.8 with GCC 11.2.0]', encoding_fs_io=utf-8-UTF-8) [DEBUG builtin:71]
166 create virtual environment via PyPy3Posix(dest=/tmp/testve, clear=False, no_vcs_ignore=False, global=False) [INFO session:52]
166 create folder /tmp/testve/bin [DEBUG _sync:24]
166 create folder /tmp/testve/lib/pypy3.8/site-packages [DEBUG _sync:24]
167 write /tmp/testve/pyvenv.cfg [DEBUG pyenv_cfg:34]
167 	home = /usr [DEBUG pyenv_cfg:38]
167 	implementation = PyPy [DEBUG pyenv_cfg:38]
167 	version_info = 3.8.12.final.0 [DEBUG pyenv_cfg:38]
167 	virtualenv = 20.13.0+ds [DEBUG pyenv_cfg:38]
167 	include-system-site-packages = false [DEBUG pyenv_cfg:38]
167 	base-prefix = /usr [DEBUG pyenv_cfg:38]
167 	base-exec-prefix = /usr [DEBUG pyenv_cfg:38]
167 	base-executable = /usr/bin/pypy3 [DEBUG pyenv_cfg:38]
167 symlink /usr/bin/pypy3 to /tmp/testve/bin/pypy [DEBUG _sync:43]
167 symlink directory /usr/lib/apt to /tmp/testve/lib/apt [DEBUG _sync:43]
168 symlink directory /usr/lib/binfmt.d to /tmp/testve/lib/binfmt.d [DEBUG _sync:43]
168 symlink directory /usr/lib/compat-ld to /tmp/testve/lib/compat-ld [DEBUG _sync:43]
168 symlink directory /usr/lib/dbus-1.0 to /tmp/testve/lib/dbus-1.0 [DEBUG _sync:43]
168 symlink directory /usr/lib/dpkg to /tmp/testve/lib/dpkg [DEBUG _sync:43]
168 symlink directory /usr/lib/environment.d to /tmp/testve/lib/environment.d [DEBUG _sync:43]
168 symlink directory /usr/lib/gnupg to /tmp/testve/lib/gnupg [DEBUG _sync:43]
168 symlink directory /usr/lib/gnupg2 to /tmp/testve/lib/gnupg2 [DEBUG _sync:43]
168 symlink directory /usr/lib/gold-ld to /tmp/testve/lib/gold-ld [DEBUG _sync:43]
168 symlink directory /usr/lib/ifupdown to /tmp/testve/lib/ifupdown [DEBUG _sync:43]
169 symlink directory /usr/lib/init to /tmp/testve/lib/init [DEBUG _sync:43]
169 symlink directory /usr/lib/kernel to /tmp/testve/lib/kernel [DEBUG _sync:43]
169 symlink directory /usr/lib/locale to /tmp/testve/lib/locale [DEBUG _sync:43]
169 symlink directory /usr/lib/lsb to /tmp/testve/lib/lsb [DEBUG _sync:43]
169 symlink directory /usr/lib/mime to /tmp/testve/lib/mime [DEBUG _sync:43]
169 symlink directory /usr/lib/modprobe.d to /tmp/testve/lib/modprobe.d [DEBUG _sync:43]
169 symlink directory /usr/lib/modules-load.d to /tmp/testve/lib/modules-load.d [DEBUG _sync:43]
169 symlink directory /usr/lib/openssh to /tmp/testve/lib/openssh [DEBUG _sync:43]
169 symlink /usr/lib/os-release to /tmp/testve/lib/os-release [DEBUG _sync:43]
169 symlink directory /usr/lib/pam.d to /tmp/testve/lib/pam.d [DEBUG _sync:43]
170 symlink directory /usr/lib/python3.9 to /tmp/testve/lib/python3.9 [DEBUG _sync:43]
170 symlink directory /usr/lib/sasl2 to /tmp/testve/lib/sasl2 [DEBUG _sync:43]
170 symlink directory /usr/lib/sysctl.d to /tmp/testve/lib/sysctl.d [DEBUG _sync:43]
170 symlink directory /usr/lib/systemd to /tmp/testve/lib/systemd [DEBUG _sync:43]
170 symlink directory /usr/lib/sysusers.d to /tmp/testve/lib/sysusers.d [DEBUG _sync:43]
170 symlink directory /usr/lib/terminfo to /tmp/testve/lib/terminfo [DEBUG _sync:43]
170 symlink directory /usr/lib/tmpfiles.d to /tmp/testve/lib/tmpfiles.d [DEBUG _sync:43]
170 symlink directory /usr/lib/udev to /tmp/testve/lib/udev [DEBUG _sync:43]
170 symlink directory /usr/lib/x86_64-linux-gnu to /tmp/testve/lib/x86_64-linux-gnu [DEBUG _sync:43]
170 symlink directory /usr/lib/pypy3 to /tmp/testve/lib/pypy3 [DEBUG _sync:43]
171 symlink directory /usr/lib/python3 to /tmp/testve/lib/python3 [DEBUG _sync:43]
171 symlink directory /usr/lib/valgrind to /tmp/testve/lib/valgrind [DEBUG _sync:43]
171 symlink directory /usr/lib/ssl to /tmp/testve/lib/ssl [DEBUG _sync:43]
171 symlink directory /usr/lib/gcc to /tmp/testve/lib/gcc [DEBUG _sync:43]
171 symlink directory /usr/lib/bfd-plugins to /tmp/testve/lib/bfd-plugins [DEBUG _sync:43]
171 symlink directory /usr/lib/python3.10 to /tmp/testve/lib/python3.10 [DEBUG _sync:43]
171 symlink /usr/lib/cpp to /tmp/testve/lib/cpp [DEBUG _sync:43]
172 create virtualenv import hook file /tmp/testve/lib/pypy3.8/site-packages/_virtualenv.pth [DEBUG api:95]
172 create /tmp/testve/lib/pypy3.8/site-packages/_virtualenv.py [DEBUG api:98]
172 ============================== target debug ============================== [DEBUG session:54]
172 debug via /tmp/testve/bin/pypy3 /usr/lib/python3/dist-packages/virtualenv/create/debug.py [DEBUG creator:224]
172 {
  "sys": {
    "executable": "/tmp/testve/bin/pypy3",
    "_base_executable": "/tmp/testve/bin/pypy3",
    "prefix": "/tmp/testve",
    "base_prefix": "/usr",
    "real_prefix": null,
    "exec_prefix": "/tmp/testve",
    "base_exec_prefix": "/usr",
    "path": [
      "/usr/lib/pypy3.8",
      "/tmp/testve/lib/pypy3.8/site-packages",
      "/tmp/testve/lib/python3/dist-packages"
    ],
    "meta_path": [
      "<class '_virtualenv._Finder'>",
      "<class '_frozen_importlib.BuiltinImporter'>",
      "<class '_frozen_importlib.FrozenImporter'>",
      "<class '_frozen_importlib_external.PathFinder'>"
    ],
    "fs_encoding": "utf-8",
    "io_encoding": "UTF-8"
  },
  "version": "3.8.12 (7.3.8+dfsg-2, Mar 03 2022, 01:25:50)\n[PyPy 7.3.8 with GCC 11.2.0]",
  "makefile_filename": "/usr/lib/pypy3.8/config-3.8-x86_64-linux-gnu/Makefile",
  "os": "<module 'os' from '/usr/lib/pypy3.8/os.py'>",
  "site": "<module 'site' from '/usr/lib/pypy3.8/site.py'>",
  "datetime": "<module 'datetime' from '/usr/lib/pypy3.8/datetime.py'>",
  "math": "<module 'math' (built-in)>",
  "json": "<module 'json' from '/usr/lib/pypy3.8/json/__init__.py'>"
} [DEBUG session:55]
337 add seed packages via FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv) [INFO session:59]
342 install setuptools from wheel /usr/share/python-wheels/setuptools-59.6.0-py3-none-any.whl via CopyPipInstall [DEBUG via_app_data:49]
343 install pip from wheel /usr/share/python-wheels/pip-22.0.2-py3-none-any.whl via CopyPipInstall [DEBUG via_app_data:49]
344 install wheel from wheel /usr/share/python-wheels/wheel-0.37.1-py2.py3-none-any.whl via CopyPipInstall [DEBUG via_app_data:49]
344 Attempting to acquire lock 139763561822768 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any.lock [DEBUG _api:169]
345 Attempting to acquire lock 139763561822432 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any.lock [DEBUG _api:169]
345 Attempting to acquire lock 139763561822720 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any.lock [DEBUG _api:169]
345 Lock 139763561822768 acquired on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any.lock [DEBUG _api:173]
345 Lock 139763561822432 acquired on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any.lock [DEBUG _api:173]
345 Lock 139763561822720 acquired on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any.lock [DEBUG _api:173]
346 Attempting to release lock 139763561822720 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any.lock [DEBUG _api:203]
346 Attempting to release lock 139763561822768 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any.lock [DEBUG _api:203]
346 Attempting to release lock 139763561822432 on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any.lock [DEBUG _api:203]
346 Lock 139763561822432 released on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any.lock [DEBUG _api:206]
346 Lock 139763561822720 released on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any.lock [DEBUG _api:206]
347 Lock 139763561822768 released on /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any.lock [DEBUG _api:206]
348 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any/pip-22.0.2.dist-info to /tmp/testve/lib/pypy3.8/site-packages/pip-22.0.2.dist-info [DEBUG _sync:51]
348 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any/wheel-0.37.1.dist-info to /tmp/testve/lib/pypy3.8/site-packages/wheel-0.37.1.dist-info [DEBUG _sync:51]
349 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/_distutils_hack to /tmp/testve/lib/pypy3.8/site-packages/_distutils_hack [DEBUG _sync:51]
352 copy /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/distutils-precedence.pth to /tmp/testve/lib/pypy3.8/site-packages/distutils-precedence.pth [DEBUG _sync:51]
354 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/pkg_resources to /tmp/testve/lib/pypy3.8/site-packages/pkg_resources [DEBUG _sync:51]
357 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any/pip to /tmp/testve/lib/pypy3.8/site-packages/pip [DEBUG _sync:51]
358 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any/wheel to /tmp/testve/lib/pypy3.8/site-packages/wheel [DEBUG _sync:51]
367 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools-59.6.0.dist-info to /tmp/testve/lib/pypy3.8/site-packages/setuptools-59.6.0.dist-info [DEBUG _sync:51]
372 copy directory /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools to /tmp/testve/lib/pypy3.8/site-packages/setuptools [DEBUG _sync:51]
379 copy /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/wheel-0.37.1-py2.py3-none-any/wheel-0.37.1.virtualenv to /tmp/testve/lib/pypy3.8/site-packages/wheel-0.37.1.virtualenv [DEBUG _sync:51]
386 generated console scripts wheel3.8 wheel-3.8 wheel wheel3 [DEBUG base:45]
415 copy /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools-59.6.0.virtualenv to /tmp/testve/lib/pypy3.8/site-packages/setuptools-59.6.0.virtualenv [DEBUG _sync:51]
416 generated console scripts  [DEBUG base:45]
470 copy /root/.local/share/virtualenv/wheel/3.8/image/1/CopyPipInstall/pip-22.0.2-py3-none-any/pip-22.0.2.virtualenv to /tmp/testve/lib/pypy3.8/site-packages/pip-22.0.2.virtualenv [DEBUG _sync:51]
471 generated console scripts pip pip-3.8 pip3 pip3.8 [DEBUG base:45]
471 add activators for Bash, CShell, Fish, Nushell, PowerShell, Python [INFO session:64]
473 write /tmp/testve/pyvenv.cfg [DEBUG pyenv_cfg:34]
473 	home = /usr [DEBUG pyenv_cfg:38]
473 	implementation = PyPy [DEBUG pyenv_cfg:38]
473 	version_info = 3.8.12.final.0 [DEBUG pyenv_cfg:38]
473 	virtualenv = 20.13.0+ds [DEBUG pyenv_cfg:38]
473 	include-system-site-packages = false [DEBUG pyenv_cfg:38]
473 	base-prefix = /usr [DEBUG pyenv_cfg:38]
473 	base-exec-prefix = /usr [DEBUG pyenv_cfg:38]
473 	base-executable = /usr/bin/pypy3 [DEBUG pyenv_cfg:38]
473 created virtual environment PyPy3.8.12.final.0-64 in 354ms
  creator PyPy3Posix(dest=/tmp/testve, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv)
    added seed packages: pip==22.0.2, setuptools==59.6.0, wheel==0.37.1
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator [WARNING __main__:19]

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions