diff options
author | Ludovic Courtès <ludo@gnu.org> | 2022-09-04 16:04:31 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-09-04 23:10:10 +0200 |
commit | 7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892 (patch) | |
tree | 76986fb2c92589dc53d21ddd73001d72af855774 /tests | |
parent | 2028419e30719e3f1f7aca3d4531f1686c3ebb62 (diff) | |
download | guix-7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892.tar guix-7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892.tar.gz |
store: Open daemon connections with SOCK_CLOEXEC.
Previously, 'guix shell' for example would leak the socket that's
connected to the daemon.
* guix/store.scm (open-unix-domain-socket, open-inet-socket): Pass
SOCK_CLOEXEC to 'socket'.
* tests/guix-shell.sh: Add test.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/guix-shell.sh | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh index 6340f90574..9a6b055264 100644 --- a/tests/guix-shell.sh +++ b/tests/guix-shell.sh @@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile --version # Rejecting unsupported packages. ! guix shell -s armhf-linux intelmetool -n +# Test approximately that the child process does not inherit extra file +# descriptors. Ideally we'd check there's nothing more than 0, 1, and 2, but +# we cannot do that because (1) we might be inheriting additional FDs, for +# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself +# opens a couple of extra FDs. +initial_fd_list="$(echo /proc/$$/fd/*)" +fd_list="$(guix shell --bootstrap guile-bootstrap -- \ + "$SHELL" -c 'echo /proc/$$/fd/*')" +test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)" + # Ignoring unauthorized files. cat > "$tmpdir/guix.scm" <<EOF This is a broken guix.scm file. |