store: Open daemon connections with SOCK_CLOEXEC.
Previously, 'guix shell' for example would leak the socket that's connected to the daemon. * guix/store.scm (open-unix-domain-socket, open-inet-socket): Pass SOCK_CLOEXEC to 'socket'. * tests/guix-shell.sh: Add test.
This commit is contained in:
Ludovic Courtès
parent
2028419e30
commit
7a2acbdc5a
|
|
@ -457,7 +457,7 @@
|
|||
'&store-connection-error' upon error."
|
||||
(let ((s (with-fluids ((%default-port-encoding #f))
|
||||
;; This trick allows use of the `scm_c_read' optimization.
|
||||
(socket PF_UNIX SOCK_STREAM 0)))
|
||||
(socket PF_UNIX (logior SOCK_STREAM SOCK_CLOEXEC) 0)))
|
||||
(a (make-socket-address PF_UNIX file)))
|
||||
|
||||
(system-error-to-connection-error file
|
||||
|
|
@ -485,7 +485,7 @@
|
|||
((ai rest ...)
|
||||
(let ((s (socket (addrinfo:fam ai)
|
||||
;; TCP/IP only
|
||||
SOCK_STREAM IPPROTO_IP)))
|
||||
(logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP)))
|
||||
|
||||
(catch 'system-error
|
||||
(lambda ()
|
||||
|
|
|
|||
|
|
@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile --version
|
|||
# Rejecting unsupported packages.
|
||||
! guix shell -s armhf-linux intelmetool -n
|
||||
|
||||
# Test approximately that the child process does not inherit extra file
|
||||
# descriptors. Ideally we'd check there's nothing more than 0, 1, and 2, but
|
||||
# we cannot do that because (1) we might be inheriting additional FDs, for
|
||||
# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself
|
||||
# opens a couple of extra FDs.
|
||||
initial_fd_list="$(echo /proc/$$/fd/*)"
|
||||
fd_list="$(guix shell --bootstrap guile-bootstrap -- \
|
||||
"$SHELL" -c 'echo /proc/$$/fd/*')"
|
||||
test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)"
|
||||
|
||||
# Ignoring unauthorized files.
|
||||
cat > "$tmpdir/guix.scm" <<EOF
|
||||
This is a broken guix.scm file.
|
||||
|
|
|
|||
Loading…
Reference in New Issue