04/27: store: Open daemon connections with SOCK_CLOEXEC.
From: guix-commits
Subject: 04/27: store: Open daemon connections with SOCK_CLOEXEC.
Date: Sun, 4 Sep 2022 17:20:30 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sun Sep 4 16:04:31 2022 +0200

    store: Open daemon connections with SOCK_CLOEXEC.

    Previously, 'guix shell' for example would leak the socket that's
    connected to the daemon.

    * guix/store.scm (open-unix-domain-socket, open-inet-socket): Pass
    SOCK_CLOEXEC to 'socket'.
    * tests/guix-shell.sh: Add test.
---
guix/store.scm | 4 ++--
tests/guix-shell.sh | 10 ++++++++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/guix/store.scm b/guix/store.scm
index e52aa420d9..4d21c5ff1a 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -457,7 +457,7 @@
'&store-connection-error' upon error."
(let ((s (with-fluids ((%default-port-encoding #f))
;; This trick allows use of the `scm_c_read' optimization.
- (socket PF_UNIX SOCK_STREAM 0)))
+ (socket PF_UNIX (logior SOCK_STREAM SOCK_CLOEXEC) 0)))
(a (make-socket-address PF_UNIX file)))
(system-error-to-connection-error file
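Review bot: The only comment beside the changed `socket` call in this PF_UNIX hunk is the one about the `scm_c_read' optimization, so nothing at the call site says why SOCK_CLOEXEC is passed. A one-line comment stating that the flag keeps child processes (such as the command run by 'guix shell') from inheriting the daemon connection would protect it from being dropped in a later cleanup. Passing the flag to `socket` itself, rather than setting close-on-exec afterwards, is the right choice: it leaves no window in which another thread could fork and exec while the descriptor is still inheritable.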
@@ -485,7 +485,7 @@
((ai rest ...)
(let ((s (socket (addrinfo:fam ai)
;; TCP/IP only
- SOCK_STREAM IPPROTO_IP)))
+ (logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP)))
(catch 'system-error
(lambda ()
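Review bot: The ";; TCP/IP only" comment in this hunk now sits directly above `(logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP`, so it reads as though it also described the close-on-exec flag. Reword it or add a second comment line for SOCK_CLOEXEC. The expression `(logior SOCK_STREAM SOCK_CLOEXEC)` is also spelled out separately here and in the PF_UNIX hunk; binding it once and using it in both `socket` calls would keep the two connection paths from drifting apart.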
diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh
index 6340f90574..9a6b055264 100644
--- a/tests/guix-shell.sh
+++ b/tests/guix-shell.sh
@@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile
--version
# Rejecting unsupported packages.
! guix shell -s armhf-linux intelmetool -n
+# Test approximately that the child process does not inherit extra file
+# descriptors. Ideally we'd check there's nothing more than 0, 1, and 2, but
+# we cannot do that because (1) we might be inheriting additional FDs, for
+# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself
+# opens a couple of extra FDs.
+initial_fd_list="$(echo /proc/$$/fd/*)"
+fd_list="$(guix shell --bootstrap guile-bootstrap -- \
+ "$SHELL" -c 'echo /proc/$$/fd/*')"
+test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)"
+
# Ignoring unauthorized files.
cat > "$tmpdir/guix.scm" <<EOF
This is a broken guix.scm file.
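Review bot: The added `test ... -le ...` line passes without checking anything when /proc/$$/fd is unavailable: the glob in `echo /proc/$$/fd/*` then stays unexpanded, both lists are one word long, and the comparison holds trivially. Guard the block with something like `test -d /proc/$$/fd` and skip it otherwise. The check also compares descriptor counts taken in two different processes (the script's own shell and "$SHELL" under 'guix shell'), so a leaked socket goes unnoticed whenever the child happens to open fewer descriptors than the parent. Inspecting what the child's /proc/$$/fd entries point to, and failing on a socket that is not in the initial list, would test this change more directly, within the limits the comment already notes about inherited descriptors.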