Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1328882

Summary: [cli] pcs command should launch Python interpreter with "sane" options
Product: Red Hat Enterprise Linux 7 Reporter: Jan Pokorný [poki] <jpokorny>
Component: pcsAssignee: Tomas Jelinek <tojeline>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.2CC: cfeist, cluster-maint, idevat, omular, rsteiger, tojeline
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.9.157-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: The user runs a pcs command. Consequence: Pcs crashes, because it loads a user code instead of pcs code, based on user's custom settings. Fix: Prevent pcs to load user specified code instead of its own. Result: Pcs works even if user has custom python modules matching pcs modules.
 Story Points: ---
Clone Of:
: 1600893 (view as bug list) Environment:
Last Closed: 2017-08-01 18:22:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
proposed fix none

Description Jan Pokorný [poki] 2016-04-20 13:22:08 UTC 
Demonstration why this is strongly desired:

$ LOCAL_PYLIB=~/.local/lib/python$(rpm -E '%{python_version}')
$ mkdir -p "${LOCAL_PYLIB}/site-packages"
$ touch "${LOCAL_PYLIB}/site-packages/commands.py"
$ > "${LOCAL_PYLIB}/site-packages/commands_override.pth" cat <EOF
import sys; sys.__plen = len(sys.path)
.
import sys; new=sys.path[sys.__plen:]; del sys.path[sys.__plen:]; p=getattr(sys,'__egginsert',0); sys.path[p:p]=new; sys.__egginsert = p+len(new)
EOF
$ pcs help
> Traceback (most recent call last):
>   File "/usr/sbin/pcs", line 13, in <module>
>     import cluster
>   File "/usr/lib/python2.6/site-packages/pcs/cluster.py", line 21, in <module>
>     from subprocess import getstatusoutput
> ImportError: cannot import name getstatusoutput

This can be prevented with "-s" option to Python interpreter.

Something similar can be achieved with PYTHONPATH et al. environment
variable manipulation.

This can be prevented with "-E" option to Python interpreter.


Modified bits, regardless if on filesystem or in runtime (this case) are
not supportable in principle, whether the modification is noticable or
completely hidden (this case) --> make "pcs" run Python with "-Es" flags

For inspiration see:
https://pagure.io/clufter/91a2bd5d87952eabe767bb464c43ed2d40d80e33
Comment 3 Tomas Jelinek 2017-03-22 11:58:38 UTC 
Created attachment 1265359 [details]
proposed fix

Test:
Added -Es flags to shebang in pcs executable:
#!/usr/bin/python -Es
Comment 4 Jan Pokorný [poki] 2017-03-24 19:17:33 UTC 
If I may suggest something, it's perhaps more forward-looking
to use:

> %{__python*} setup.py build --executable='%{__python*} -Es'

unlike as with clufter which already uses setup.cfg heavily anyway.

Note that this is also what Fedora's %py*_build packaging macros
(also coming to RHEL 7.4, but it's likely not possible to use
them, yet: [bug 1297522]) for Python utilize.

(I would personally be interested in whether using this new
form actually helps to overcome [bug 1353934] issue, see also
[bug 1297522 comment 11].)
Comment 5 Ivan Devat 2017-04-10 16:02:20 UTC 
After Fix:

[vm-rhel72-1 ~] $ rpm -q pcs
pcs-0.9.157-1.el7.x86_64

[vm-rhel72-3 ~] $ which pcs
/usr/sbin/pcs
[vm-rhel72-3 ~] $ head -n1 $(which pcs)
#!/usr/bin/python -Es
Comment 6 Ivan Devat 2017-04-10 16:14:03 UTC 
This change requires a test that the original reproducer does not cause the misbehavior and everything other works.
Comment 10 errata-xmlrpc 2017-08-01 18:22:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1958