gh-113117: Support posix_spawn in subprocess.Popen with close_fds=True (#113118)

Add support for `os.POSIX_SPAWN_CLOSEFROM` and `posix_spawn_file_actions_addclosefrom_np` and have the `subprocess` module use them when available. This means `posix_spawn` can now be used in the default `close_fds=True` situation on many platforms. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2025-10-09 16:34:44 +00:00 · 2023-12-17 22:34:57 +01:00 · 2023-12-17 22:34:57 +01:00 · 2b93f52242
commit 2b93f52242
parent 32d87a8899
9 changed files with 91 additions and 5 deletions
--- a/Lib/subprocess.py
+++ b/Lib/subprocess.py
@ -748,6 +748,7 @@ def _use_posix_spawn():
 # guarantee the given libc/syscall API will be used.
 _USE_POSIX_SPAWN = _use_posix_spawn()
 _USE_VFORK = True
+_HAVE_POSIX_SPAWN_CLOSEFROM = hasattr(os, 'POSIX_SPAWN_CLOSEFROM')


 class Popen:
@ -1751,7 +1752,7 @@ class Popen:
                    errread, errwrite)


-        def _posix_spawn(self, args, executable, env, restore_signals,
+        def _posix_spawn(self, args, executable, env, restore_signals, close_fds,
                         p2cread, p2cwrite,
                         c2pread, c2pwrite,
                         errread, errwrite):
@ -1777,6 +1778,10 @@ class Popen:
            ):
                if fd != -1:
                    file_actions.append((os.POSIX_SPAWN_DUP2, fd, fd2))
+
+            if close_fds:
+                file_actions.append((os.POSIX_SPAWN_CLOSEFROM, 3))
+
            if file_actions:
                kwargs['file_actions'] = file_actions

@ -1824,7 +1829,7 @@ class Popen:
            if (_USE_POSIX_SPAWN
                    and os.path.dirname(executable)
                    and preexec_fn is None
-                    and not close_fds
+                    and (not close_fds or _HAVE_POSIX_SPAWN_CLOSEFROM)
                    and not pass_fds
                    and cwd is None
                    and (p2cread == -1 or p2cread > 2)
@ -1836,7 +1841,7 @@ class Popen:
                    and gids is None
                    and uid is None
                    and umask < 0):
-                self._posix_spawn(args, executable, env, restore_signals,
+                self._posix_spawn(args, executable, env, restore_signals, close_fds,
                                  p2cread, p2cwrite,
                                  c2pread, c2pwrite,
                                  errread, errwrite)