diff options
author | Ludovic Courtès <ludo@gnu.org> | 2022-09-10 23:19:02 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-09-11 00:16:57 +0200 |
commit | 081bb6a7bd9642ee3d5bb9b697c24f89535416de (patch) | |
tree | d26efecb5a983ee095518811badd9784227bb840 | |
parent | 6ee40c3d9970cbedfbaf078e93ac2440cc3416f1 (diff) | |
download | guix-081bb6a7bd9642ee3d5bb9b697c24f89535416de.tar guix-081bb6a7bd9642ee3d5bb9b697c24f89535416de.tar.gz |
services: shepherd: Open /dev/null as O_CLOEXEC.
Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.
* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
-rw-r--r-- | gnu/services/shepherd.scm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index 4fd4b2a497..a8f6db9ce2 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -387,7 +387,7 @@ as shepherd package." ;; call; this avoids situations where services wrongfully lead ;; PID 1 to read from stdin (the console), which users may not ;; have access to (see <https://bugs.gnu.org/23697>). - (redirect-port (open-input-file "/dev/null") + (redirect-port (open "/dev/null" (logior O_RDONLY O_CLOEXEC)) (current-input-port))))) (scheme-file "shepherd.conf" config))) |