author | Ludovic Courtès <ludo@gnu.org> | 2022-09-08 14:30:19 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-09-08 16:22:21 +0200 |
commit | e05f7c55d78b90062aad26d8badc689ea72fe88b (patch) | |
tree | 0957e51f72037f1928877517355f5013efe96f14 /nix/libutil/serialise.cc | |
parent | 8f53630f2f11a77e2b6ec2058d0626651286bf95 (diff) | |

file-systems: Open files with O_CLOEXEC.

Since this code is run from PID 1, this ensures file descriptors to
sensitive files and devices are not accidentally leaked to
sub-processes.

* gnu/build/file-systems.scm (call-with-input-file): New procedure.
(mount-file-system): Use 'close-fdes' + 'open-fdes'.

Diffstat (limited to 'nix/libutil/serialise.cc')
0 files changed, 0 insertions, 0 deletions
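
The kernel behaviour the commit message relies on, as an added example that is not part of the Guix commit: a descriptor opened with `O_CLOEXEC` is closed at exec, while one opened without it stays usable in the sub-process. The helper name `fd_survives_exec`, the `PROBE_FD` constant, the use of `/dev/null` as the opened file and the `/bin/sh` probe are assumptions made for this demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* exposes O_CLOEXEC under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed for this example: a single-digit descriptor number, so that
   any POSIX sh can refer to it as "<&3" after the exec. */
#define PROBE_FD 3

/* Hypothetical helper. Opens /dev/null with O_RDONLY | extra_flags in a
   forked child, execs /bin/sh, and asks the shell whether PROBE_FD is
   still open. Returns 1 if the descriptor leaked into the exec'd program,
   0 if the kernel closed it at exec, -1 if the probe could not be run. */
int fd_survives_exec(int extra_flags)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd;
        close(PROBE_FD);
        /* open() returns the lowest free number; repeat until it is
           PROBE_FD in case 0-2 were closed by our own parent. */
        do {
            fd = open("/dev/null", O_RDONLY | extra_flags);
        } while (fd >= 0 && fd < PROBE_FD);
        if (fd != PROBE_FD)
            _exit(126);
        /* "<&3" fails with a non-zero status when fd 3 is not open. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&3", (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) >= 126)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain open():      leaked=%d\n", fd_survives_exec(0));
    printf("open(O_CLOEXEC):   leaked=%d\n", fd_survives_exec(O_CLOEXEC));
    return 0;
}
```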