Python multiprocessing sem_open blocked in strict mode

James-Carroll · July 19, 2022, 4:01pm

The current recommendations would be to avoid snapcraft-preload and make use of private shared memory.

lopezem · July 19, 2022, 4:38pm

When using the python multiprocessing package, the suggested link to use private shared memory did not work.

Python 3.10.4 (main, Apr  2 2022, 09:04:19) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import multiprocessing as mp
>>> mp_manager = mp.Manager()
Process SyncManager-1:
Traceback (most recent call last):
  File "/usr/lib/python3.10/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/lib/python3.10/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3.10/multiprocessing/managers.py", line 591, in _run_server
    server = cls._Server(registry, address, authkey, serializer)
  File "/usr/lib/python3.10/multiprocessing/managers.py", line 156, in __init__
    self.listener = Listener(address=address, backlog=16)
  File "/usr/lib/python3.10/multiprocessing/connection.py", line 453, in __init__
    self._listener = SocketListener(address, family, backlog)
  File "/usr/lib/python3.10/multiprocessing/connection.py", line 596, in __init__
    self._socket.bind(address)
PermissionError: [Errno 13] Permission denied
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/multiprocessing/context.py", line 57, in Manager
    m.start()
  File "/usr/lib/python3.10/multiprocessing/managers.py", line 566, in start
    self._address = reader.recv()
  File "/usr/lib/python3.10/multiprocessing/connection.py", line 255, in recv
    buf = self._recv_bytes()
  File "/usr/lib/python3.10/multiprocessing/connection.py", line 419, in _recv_bytes
    buf = self._recv(4)
  File "/usr/lib/python3.10/multiprocessing/connection.py", line 388, in _recv
    raise EOFError
EOFError

Snappy Debug made the following suggestion:

= AppArmor =
Time: Jul 19 16:33:07
Log: apparmor="DENIED" operation="bind" profile="snap.my-custom-snap.snap-app" pid=22813 comm="python3" family="unix" sock_type="stream" protocol=0 requested_mask="bind" denied_mask="bind" addr="@listener-22813-0"
Suggestions:
* adjust '@listener-22813-0' to start with 'snap.my-custom-snap.' (eg, '@snap.my-custom-snap.listener-22813-0')
* use 'listen-stream: @snap.my-custom-snap.listener-22813-0' for a socket-activated daemon

I’m not sure of what overrides I can set in the multiprocessing module to make this functional

James-Carroll · July 19, 2022, 4:50pm

Ah, that looks like an abstract socket, which wouldn’t be fixed by private shared memory because an abstract socket doesn’t make use of a file path unlike the examples above that write to /dev/shm. Unfortunately then I’m unsure what to recommend in your situation, sorry.