From f86414abc0217193108ddebb58d9c2c1a89ddb87 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Wed, 13 May 2026 12:17:05 +0200
Subject: [PATCH 1/2] gh-149473: Emit audit event on calling os.environ.clear()

---
 Doc/library/os.rst                                            | 4 ++++
 .../Library/2026-05-13-12-16-54.gh-issue-149473.nOQZqn.rst    | 2 ++
 Modules/posixmodule.c                                         | 4 ++++
 3 files changed, 10 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Library/2026-05-13-12-16-54.gh-issue-149473.nOQZqn.rst

diff --git a/Doc/library/os.rst b/Doc/library/os.rst
index d2534b3e974f36..ca362c9bab64e9 100644
--- a/Doc/library/os.rst
+++ b/Doc/library/os.rst
@@ -219,6 +219,10 @@ process and user.
    :data:`os.environ`, and when one of the :meth:`~dict.pop` or
    :meth:`~dict.clear` methods is called.
 
+   .. audit-event:: os.unsetenv key os.unsetenv
+
+   .. audit-event:: os._clearenv "" os._clearenv
+
    .. seealso::
 
       The :func:`os.reload_environ` function.
diff --git a/Misc/NEWS.d/next/Library/2026-05-13-12-16-54.gh-issue-149473.nOQZqn.rst b/Misc/NEWS.d/next/Library/2026-05-13-12-16-54.gh-issue-149473.nOQZqn.rst
new file mode 100644
index 00000000000000..db624aba31a9de
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-05-13-12-16-54.gh-issue-149473.nOQZqn.rst
@@ -0,0 +1,2 @@
+Calling ``os.environ.clear()`` now emits ``os._clearenv`` auditing event.
+Patch by Victor Stinner.
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 5bd53c2146a822..d03bc75f68b3ab 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -13663,6 +13663,10 @@ static PyObject *
 os__clearenv_impl(PyObject *module)
 /*[clinic end generated code: output=2d6705d62c014b51 input=47d2fa7f323c43ca]*/
 {
+    if (PySys_Audit("os._clearenv", NULL) < 0) {
+        return NULL;
+    }
+
     errno = 0;
     int err = clearenv();
     if (err) {

From 098ffe0b2a4ce988d953f2ee86707256f88e2570 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Fri, 15 May 2026 13:54:22 +0200
Subject: [PATCH 2/2] Clarify which audit event is emitted by
 os.environ.clear()

---
 Doc/library/os.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Doc/library/os.rst b/Doc/library/os.rst
index ca362c9bab64e9..07ddd4625e023f 100644
--- a/Doc/library/os.rst
+++ b/Doc/library/os.rst
@@ -219,6 +219,10 @@ process and user.
    :data:`os.environ`, and when one of the :meth:`~dict.pop` or
    :meth:`~dict.clear` methods is called.
 
+   If the ``clearenv()`` function is available, the :meth:`~dict.clear` method
+   uses it and emits a single ``os._clearenv`` audit event. Otherwise, it emits
+   an ``os.unsetenv`` event on each deleted variable.
+
    .. audit-event:: os.unsetenv key os.unsetenv
 
    .. audit-event:: os._clearenv "" os._clearenv