plugins/python: use separate python interpreter for each plugin
On each plugin initialization we create a separate python interpreter which gets stored in the plugin_ctx. The main interpreter is stored in py_ctx and is used for creating more interpreters (if more plugins get loaded) and final python deinitialization. The "traceback" module import and the ImportBlocker initialization were moved, because they have to happen inside the plugin specific interpreters.

committed by
Todd C. Miller

parent
99f8394182
commit
22c64f58c0
@@ -242,15 +242,9 @@ _python_plugin_register_plugin_in_py_ctx(void)
|
||||
|
||||
PyImport_AppendInittab("sudo", sudo_module_init);
|
||||
Py_InitializeEx(0);
|
||||
|
||||
if (!sudo_conf_developer_mode() && sudo_module_register_importblocker() < 0) {
|
||||
py_log_last_error(NULL);
|
||||
debug_return_int(SUDO_RC_ERROR);
|
||||
}
|
||||
|
||||
py_ctx.py_traceback_module = PyImport_ImportModule("traceback");
|
||||
// if getting the traceback module fails, we just don't show tracebacks
|
||||
PyErr_Clear();
|
||||
py_ctx.py_main_interpreter = PyThreadState_Get();
|
||||
} else {
|
||||
PyThreadState_Swap(py_ctx.py_main_interpreter);
|
||||
}
|
||||
|
||||
++py_ctx.open_plugin_count;
|
||||
@@ -267,6 +261,17 @@ python_plugin_init(struct PluginContext *plugin_ctx, char * const plugin_options
|
||||
if (_python_plugin_register_plugin_in_py_ctx() != SUDO_RC_OK)
|
||||
goto cleanup;
|
||||
|
||||
plugin_ctx->py_interpreter = Py_NewInterpreter();
|
||||
if (plugin_ctx->py_interpreter == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
PyThreadState_Swap(plugin_ctx->py_interpreter);
|
||||
|
||||
if (!sudo_conf_developer_mode() && sudo_module_register_importblocker() < 0) {
|
||||
py_log_last_error(NULL);
|
||||
debug_return_int(SUDO_RC_ERROR);
|
||||
}
|
||||
|
||||
const char *module_path = _lookup_value(plugin_options, "ModulePath");
|
||||
if (module_path == NULL) {
|
||||
py_sudo_log(SUDO_CONV_ERROR_MSG, "No python module path is specified. "
|
||||
@@ -321,13 +326,21 @@ python_plugin_deinit(struct PluginContext *plugin_ctx)
|
||||
Py_CLEAR(plugin_ctx->py_instance);
|
||||
Py_CLEAR(plugin_ctx->py_class);
|
||||
Py_CLEAR(plugin_ctx->py_module);
|
||||
|
||||
if (plugin_ctx->py_interpreter != NULL) {
|
||||
sudo_debug_printf(SUDO_DEBUG_TRACE, "deinit python interpreter for plugin\n");
|
||||
Py_EndInterpreter(plugin_ctx->py_interpreter);
|
||||
}
|
||||
|
||||
memset(plugin_ctx, 0, sizeof(*plugin_ctx));
|
||||
|
||||
if (py_ctx.open_plugin_count <= 0) {
|
||||
Py_CLEAR(py_ctx.py_traceback_module);
|
||||
|
||||
if (Py_IsInitialized()) {
|
||||
sudo_debug_printf(SUDO_DEBUG_NOTICE, "Closing: deinit python interpreter\n");
|
||||
|
||||
// we need to call finalize from the main interpreter
|
||||
PyThreadState_Swap(py_ctx.py_main_interpreter);
|
||||
|
||||
Py_Finalize();
|
||||
}
|
||||
|
||||
@@ -413,6 +426,8 @@ python_plugin_close(struct PluginContext *plugin_ctx, const char *python_callbac
|
||||
{
|
||||
debug_decl(python_plugin_close, PYTHON_DEBUG_CALLBACKS);
|
||||
|
||||
PyThreadState_Swap(plugin_ctx->py_interpreter);
|
||||
|
||||
if (!plugin_ctx->call_close) {
|
||||
sudo_debug_printf(SUDO_DEBUG_INFO, "Skipping close call, because there was no command run\n");
|
||||
|
||||
|
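Review bot: The import-blocker failure branch now in python_plugin_init leaves through `debug_return_int(SUDO_RC_ERROR);` while the two failure paths just above it use `goto cleanup;`, so on this path the sub-interpreter just returned by Py_NewInterpreter() stays in `plugin_ctx->py_interpreter` and the `++py_ctx.open_plugin_count` done by the register helper is not visibly undone. The branch appears to have been moved verbatim from _python_plugin_register_plugin_in_py_ctx(); here `py_log_last_error(NULL); goto cleanup;` would keep the error handling uniform, assuming the cleanup label (outside this hunk) tears the plugin down. The `plugin_ctx->py_interpreter == NULL` branch also fails without logging anything, which makes a refused plugin load hard to diagnose. Separately, Py_EndInterpreter() in python_plugin_deinit requires its argument to be the current thread state, and no `PyThreadState_Swap(plugin_ctx->py_interpreter);` is visible before the Py_CLEAR calls; the function starts above the hunk, so if no swap exists there it should be added before them.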