"Sandbox prevented access to" INFO messages
431 views
Skip to first unread message
PK
Aug 11, 2017, 11:37:37 AM8/11/17
to Google App Engine
There seems to be a change in the latest SDK that causes many messages of this kind. Does anybody know more?
INFO 2017-08-11 08:29:51,921 stubs.py:50] Sandbox prevented access to file …
INFO 2017-08-11 08:29:51,921 stubs.py:51] If it is a static file, check that `application_readable: true` is set in your app.yaml
INFO 2017-08-11 08:29:51,921 stubs.py:50] Sandbox prevented access to file …
INFO 2017-08-11 08:29:51,921 stubs.py:51] If it is a static file, check that `application_readable: true` is set in your app.yaml
Kenworth (Google Cloud Platform)
Aug 11, 2017, 8:00:17 PM8/11/17
to Google App Engine
You get this message when your sandbox is blocking static files and you don't give the option that allows you to access static files. Setting app.yaml `application_readable: true` should mitigate the issue.
global networld
Aug 12, 2017, 12:02:23 PM8/12/17
to Google App Engine
apakah ini bermanfaat untuk grup
Attila-Mihaly Balazs
Aug 14, 2017, 4:38:36 AM8/14/17
to Google App Engine
@Kenworth: I know that this has always been the case (the sandbox blocking access to files not explicitly given access to), but I think @PK is right - something has changed (maybe it's just that extra logging has been added?). I too noted that now my GAE Python application (using AppEngine starndard) generates a lot of these messages during startup. This change has been done some time between versions 1.9.52 and 1.9.57 of the development server.
I modified "devappserver2/python/stubs.py" the following way:
def log_access_check_fail(filename):
# This gets the sandboxed version of the logging module
logging = __import__('logging')
logging.info('Sandbox prevented access to file "%s"', filename)
frame = inspect.currentframe() # <-- line added by me
logging.info(''.join(traceback.format_stack(frame))) # <-- line added by me
logging.info('If it is a static file, check that '
'`application_readable: true` is set in your app.yaml')
So that I can track down where these "disallowed" files where accessed from (what I found was that the Django initialization code was trying to access a lot of translation and time zone files - still have to look into if/how I could cut down on these accesses).
Attila
I modified "devappserver2/python/stubs.py" the following way:
def log_access_check_fail(filename):
# This gets the sandboxed version of the logging module
logging = __import__('logging')
logging.info('Sandbox prevented access to file "%s"', filename)
frame = inspect.currentframe() # <-- line added by me
logging.info(''.join(traceback.format_stack(frame))) # <-- line added by me
logging.info('If it is a static file, check that '
'`application_readable: true` is set in your app.yaml')
So that I can track down where these "disallowed" files where accessed from (what I found was that the Django initialization code was trying to access a lot of translation and time zone files - still have to look into if/how I could cut down on these accesses).
Attila
Kenworth (Google Cloud Platform)
Aug 14, 2017, 7:05:25 PM8/14/17
to Google App Engine
All disallowed files were previously blocked silently. Users got confused because they thought they should be able to access static files in their app from their python code. Then INFO-logged messages were introduced when your sandbox was blocking a file, but users complained it was spamming them. Now it is changed to only give you a message when your sandbox is blocking static files when you don't give the option that allows you to access it.
Reply all
Reply to author
Forward
0 new messages