From 081bb6a7bd9642ee3d5bb9b697c24f89535416de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Sat, 10 Sep 2022 23:19:02 +0200
Subject: [PATCH] services: shepherd: Open /dev/null as O_CLOEXEC.

Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.

* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
---
 gnu/services/shepherd.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 4fd4b2a497..a8f6db9ce2 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -387,7 +387,7 @@ (define config
             ;; call; this avoids situations where services wrongfully lead
             ;; PID 1 to read from stdin (the console), which users may not
             ;; have access to (see <https://bugs.gnu.org/23697>).
-            (redirect-port (open-input-file "/dev/null")
+            (redirect-port (open "/dev/null" (logior O_RDONLY O_CLOEXEC))
                            (current-input-port)))))
 
     (scheme-file "shepherd.conf" config)))