author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2022-09-15 10:20:32 -0400 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2022-09-15 10:20:32 -0400 |
commit | 3d297a0017210f1dd135592efb10846840a8af88 (patch) | |
tree | 8868c35a558a6288b5097d65bee42dda291178e4 /gnu/services/shepherd.scm | |
parent | 279349209e44aaae6ca2aba328fe2a4d2da99f12 (diff) | |
parent | 6737d8d3248301e65bc24291b1a776e4aa8c3648 (diff) | |
Merge branch 'master' into staging
With resolved conflicts in:
gnu/local.mk
gnu/packages/freedesktop.scm
gnu/packages/gnuzilla.scm
Diffstat (limited to 'gnu/services/shepherd.scm')
-rw-r--r-- | gnu/services/shepherd.scm | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index 4fd4b2a497..61f759a19d 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -344,6 +344,31 @@ as shepherd package." (use-modules (srfi srfi-34) (system repl error-handling)) + (define (call-with-file file flags proc) + (let ((port #f)) + (dynamic-wind + (lambda () + (set! port (open file flags))) + (lambda () + (proc port)) + (lambda () + (close-port port) + (set! port #f))))) + + ;; There's code run from shepherd that uses 'call-with-input-file' & + ;; co.--e.g., the 'urandom-seed' service. Starting from Shepherd + ;; 0.9.2, users need to make sure not to leak non-close-on-exec file + ;; descriptors to child processes. To address that, replace the + ;; standard bindings with O_CLOEXEC variants. + (set! call-with-input-file + (lambda (file proc) + (call-with-file file (logior O_RDONLY O_CLOEXEC) + proc))) + (set! call-with-output-file + (lambda (file proc) + (call-with-file file (logior O_WRONLY O_CREAT O_CLOEXEC) + proc))) + ;; Specify the default environment visible to all the services. ;; Without this statement, all the environment variables of PID 1 ;; are inherited by child services. @@ -387,7 +412,7 @@ as shepherd package." ;; call; this avoids situations where services wrongfully lead ;; PID 1 to read from stdin (the console), which users may not ;; have access to (see <https://bugs.gnu.org/23697>). - (redirect-port (open-input-file "/dev/null") + (redirect-port (open "/dev/null" (logior O_RDONLY O_CLOEXEC)) (current-input-port))))) (scheme-file "shepherd.conf" config))) |
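Review bot: The replacement `call-with-output-file` opens with `(logior O_WRONLY O_CREAT O_CLOEXEC)` and no `O_TRUNC`, whereas the standard procedure truncates an existing file, so a caller that writes less than the file already holds leaves stale bytes at the end; `(logior O_WRONLY O_CREAT O_TRUNC O_CLOEXEC)` keeps the old behaviour. Both lambdas also accept only `(file proc)`, so a caller that passes the standard keyword arguments such as `#:encoding` would now fail. Only these two bindings are rebound; descriptors opened in service code through `open-file`, `open-input-file` or similar are presumably still inheritable, and the comment above the `set!` forms could say so, so that nobody assumes the leak is closed everywhere.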
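Review bot: The port returned by `open` in the `redirect-port` call is never closed explicitly, so the extra /dev/null descriptor stays in PID 1 until the port is garbage-collected; binding it and closing it after the redirect would make its lifetime explicit, e.g. `(let ((null (open "/dev/null" (logior O_RDONLY O_CLOEXEC)))) (redirect-port null (current-input-port)) (close-port null))`. A short comment would also help: if `redirect-port` duplicates the descriptor with dup2 as the Guile manual describes, the close-on-exec flag does not carry over to the standard-input descriptor, so O_CLOEXEC here affects only the temporary one. The enclosing expression starts outside the hunk.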