aboutsummaryrefslogtreecommitdiff
path: root/nix/libutil/serialise.cc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2022-09-08 14:30:19 +0200
committerLudovic Courtès <ludo@gnu.org>2022-09-08 16:22:21 +0200
commite05f7c55d78b90062aad26d8badc689ea72fe88b (patch)
tree0957e51f72037f1928877517355f5013efe96f14 /nix/libutil/serialise.cc
parent8f53630f2f11a77e2b6ec2058d0626651286bf95 (diff)
downloadguix-e05f7c55d78b90062aad26d8badc689ea72fe88b.tar
guix-e05f7c55d78b90062aad26d8badc689ea72fe88b.tar.gz
file-systems: Open files with O_CLOEXEC.
Since this code is run from PID 1, this ensures file descriptors to sensitive files and devices are not accidentally leaked to sub-processes. * gnu/build/file-systems.scm (call-with-input-file): New procedure. (mount-file-system): Use 'close-fdes' + 'open-fdes'.
Diffstat (limited to 'nix/libutil/serialise.cc')
0 files changed, 0 insertions, 0 deletions