[Ironpython-users] Issue with restricted AppDomain
Frank Schusdziarra
see_toronto at web.de
Tue Mar 6 11:54:48 CET 2012
Hi all,

I'm having trouble running Python scripts from a C# app with IP 2.7.1
embedded in a restricted AppDomain. I have checked all the advice I
could find on the net, but I must be missing something.

This is the requirement:
C# app creates a restricted app domain for the scripts to execute. The
scripts however are allowed to access e.g. the lib folder and its modules.
If running in "unrestricted" mode, all works fine, but that's clearly not
what I would like to achieve.

Among other exceptions thrown (e.g. regarding Environment) there is one
that seems to really cause the trouble:

[System.Security.SecurityException] = {"Request failed."}
   at Microsoft.Scripting.Utils.WeakHandle..ctor(Object target, Boolean trackResurrection)
   at IronPython.Runtime.WeakRefTracker.CallbackInfo..ctor(Object callback, Object weakRef)
   at IronPython.Runtime.WeakRefTracker.ChainCallback(Object callback, Object weakRef)
   at IronPython.Runtime.WeakRefTracker..ctor(Object callback, Object weakRef)
   at IronPython.Modules.PythonWeakRef.WeakRefHelpers.InitializeWeakRef(Object self, Object target, Object callback)
   at IronPython.Modules.PythonWeakRef.ref..ctor(Object object, Object callback)
   at IronPython.Modules.PythonWeakRef.ref..ctor(Object object)
   at IronPython.Modules.PythonWeakRef.ref.__new__(CodeContext context, PythonType cls, Object object)
   at System.Func`4.Invoke(T1 arg1, T2 arg2, T3 arg3)
   at Microsoft.Scripting.Interpreter.FuncCallInstruction`4.Run(InterpretedFrame frame)
   at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame frame)

This exception is however not "visible" in the calling app domain. I
understand that there is an outstanding bug regarding serialization of
exception information. However a breakpoint on the WeakHandle ctor call
allowed me to get the above exception information.

But I can't figure out which permission is actually missing or if there
is anything else I'm doing wrong. Any advice is greatly appreciated.

Here's a stripped down sample (C# 4.0 console app) to reproduce the issue:

using System;
using System.Collections.Generic;
using System.IO;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
using Microsoft.Scripting.Hosting;
using IronPython.Hosting;

namespace SimpleAD
{
    class Program
    {
        static void Main(string[] args)
        {
            string pyLibPath = @"<PathToIPLibFolder>";
            // The Python source stays at column 0 inside the verbatim string
            string code = @"
print 'Importing sys and addding lib path'
import sys
sys.path.append('"+pyLibPath+@"')
print 'Importing os'
import os
print 'OS Name',os.name
print 'Done'
";
            // Strong name of this host assembly, passed below as the full-trust list
            StrongName fullTrustAssembly =
                typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();
            Evidence evi = AppDomain.CurrentDomain.Evidence;
            AppDomainSetup adSetup = new AppDomainSetup();
            adSetup.ApplicationBase =
                Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

            /* THIS IS WORKING !
            PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);
            */

            // Restricted grant set: execution, reflection, read-only access to two folders
            PermissionSet permSet = new PermissionSet(PermissionState.None);
            permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            permSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));

            FileIOPermission libPerm = new FileIOPermission(PermissionState.None);
            libPerm.AddPathList(FileIOPermissionAccess.PathDiscovery |
                FileIOPermissionAccess.Read, adSetup.ApplicationBase); // Assembly Path
            libPerm.AddPathList(FileIOPermissionAccess.PathDiscovery |
                FileIOPermissionAccess.Read, pyLibPath); // Iron-Python Lib Path
            permSet.AddPermission(libPerm);

            AppDomain restricted =
                AppDomain.CreateDomain("Sandbox", evi, adSetup, permSet, fullTrustAssembly);

            // Host the IronPython runtime inside the sandboxed domain
            Dictionary<string, object> options = new Dictionary<string, object>();
            ScriptRuntimeSetup setup = Python.CreateRuntimeSetup(options);
            ScriptRuntime runtime = ScriptRuntime.CreateRemote(restricted, setup);
            ScriptEngine engine = runtime.GetEngine("Python");

            try
            {
                engine.Execute(code);
            }
            catch (Exception e)
            {
                // Assert full trust while printing the exception details
                (new PermissionSet(PermissionState.Unrestricted)).Assert();
                Console.WriteLine("Error:" + e.ToString());
                CodeAccessPermission.RevertAssert();
            }
            Console.ReadLine();
        }
    }
}

Regards,
Frank