diff options
author | Ludovic Courtès <ludo@gnu.org> | 2018-12-18 14:51:56 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2018-12-18 16:04:26 +0100 |
commit | 6ea6e1476ff4a18d4b4b864c3065d18ed99c69af (patch) | |
tree | 00cb5c5767ae74f8f6c5f22f4ba949206db81157 | |
parent | 65c8a043709e9e13f814211bba98c57eb00d9620 (diff) | |
download | patches-6ea6e1476ff4a18d4b4b864c3065d18ed99c69af.tar patches-6ea6e1476ff4a18d4b4b864c3065d18ed99c69af.tar.gz |
file-systems: Spawn a REPL only when interaction is possible.
Fixes <https://bugs.gnu.org/23697>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.
* gnu/build/file-systems.scm (check-file-system): Call 'start-repl' only
if current-input-port passes 'isatty?'.
* gnu/services/shepherd.scm (shepherd-configuration-file): After
'for-each' expression, call 'redirect-port'.
* gnu/tests/base.scm (run-basic-test)["stdin is /dev/null"]: New test.
-rw-r--r-- | gnu/build/file-systems.scm | 9 | ||||
-rw-r--r-- | gnu/services/shepherd.scm | 12 | ||||
-rw-r--r-- | gnu/tests/base.scm | 15 |
3 files changed, 32 insertions, 4 deletions
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index 3f97afeedd..efd744acc1 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -535,10 +535,13 @@ were found." (sleep 3) (reboot)) ('fatal-error - (format (current-error-port) - "File system check on ~a failed; spawning Bourne-like REPL~%" + (format (current-error-port) "File system check on ~a failed~%" device) - (start-repl %bournish-language))) + + ;; Spawn a REPL only if someone would be able to interact with it. + (when (isatty? (current-input-port)) + (format (current-error-port) "Spawning Bourne-like REPL.~%") + (start-repl %bournish-language)))) (format (current-error-port) "No file system check procedure for ~a; skipping~%" device))) diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index 49d08cc30f..12d649f542 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -281,7 +281,17 @@ stored." (start service))) '#$(append-map shepherd-service-provision (filter shepherd-service-auto-start? - services))))))) + services))) + + ;; Hang up stdin. At this point, we assume that 'start' methods + ;; that required user interaction on the console (e.g., + ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have + ;; completed. User interaction becomes impossible after this + ;; call; this avoids situations where services wrongfully lead + ;; PID 1 to read from stdin (the console), which users may not + ;; have access to (see <https://bugs.gnu.org/23697>). + (redirect-port (open-input-file "/dev/null") + (current-input-port)))))) (scheme-file "shepherd.conf" config))) diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 03392cef38..8d4e218a8f 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -123,6 +123,21 @@ initialization step, such as entering a LUKS passphrase." #f)))) marionette)) + (test-eq "stdin is /dev/null" + 'eof + ;; Make sure services can no longer read from stdin once the + ;; system has booted. + (marionette-eval + `(begin + (use-modules (gnu services herd)) + (start 'user-processes) + ((@@ (gnu services herd) eval-there) + '(let ((result (read (current-input-port)))) + (if (eof-object? result) + 'eof + result)))) + marionette)) + (test-assert "shell and user commands" ;; Is everything in $PATH? (zero? (marionette-eval '(system " |