services: shepherd: Install O_CLOEXEC variant of 'call-with-input-file' & co.
Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit
1ba0e38267
whereby files opened by, say,
the 'start' method of 'urandom-seed', could leak into the execution
environment of some other service--e.g., 'term-tty4'.
* gnu/services/shepherd.scm (shepherd-configuration-file)[config]:
Override 'call-with-input-file' and 'call-with-output-file'.
parent
32583c8c20
commit
66fdaf3677
1 changed files with 25 additions and 0 deletions
|
@ -344,6 +344,31 @@ (define config
|
|||
(use-modules (srfi srfi-34)
|
||||
(system repl error-handling))
|
||||
|
||||
(define (call-with-file file flags proc)
|
||||
(let ((port #f))
|
||||
(dynamic-wind
|
||||
(lambda ()
|
||||
(set! port (open file flags)))
|
||||
(lambda ()
|
||||
(proc port))
|
||||
(lambda ()
|
||||
(close-port port)
|
||||
(set! port #f)))))
|
||||
|
||||
;; There's code run from shepherd that uses 'call-with-input-file' &
|
||||
;; co.--e.g., the 'urandom-seed' service. Starting from Shepherd
|
||||
;; 0.9.2, users need to make sure not to leak non-close-on-exec file
|
||||
;; descriptors to child processes. To address that, replace the
|
||||
;; standard bindings with O_CLOEXEC variants.
|
||||
(set! call-with-input-file
|
||||
(lambda (file proc)
|
||||
(call-with-file file (logior O_RDONLY O_CLOEXEC)
|
||||
proc)))
|
||||
(set! call-with-output-file
|
||||
(lambda (file proc)
|
||||
(call-with-file file (logior O_WRONLY O_CREAT O_CLOEXEC)
|
||||
proc)))
|
||||
|
||||
;; Specify the default environment visible to all the services.
|
||||
;; Without this statement, all the environment variables of PID 1
|
||||
;; are inherited by child services.
|
||||
|
|
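Review bot: The replacement `call-with-output-file` opens with `(logior O_WRONLY O_CREAT O_CLOEXEC)`, without `O_TRUNC`, whereas the standard binding it overrides truncates an existing file; a service that rewrites a file with shorter content would leave the old tail in place. I would change the flags to `(logior O_WRONLY O_CREAT O_TRUNC O_CLOEXEC)`. Both lambdas also accept only `(file proc)`, so a caller passing the keyword arguments that Guile's originals take (`#:binary`, `#:encoding`) would fail with an arity error; a comment stating that limitation, or a rest argument, would help. The enclosing `(define config` form starts and ends outside this hunk.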