author | Ludovic Courtès <ludo@gnu.org> | 2022-09-04 16:04:31 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-09-04 23:10:10 +0200 |
commit | 7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892 (patch) | |
tree | 76986fb2c92589dc53d21ddd73001d72af855774 /guix | |
parent | 2028419e30719e3f1f7aca3d4531f1686c3ebb62 (diff) |
store: Open daemon connections with SOCK_CLOEXEC.
Previously, 'guix shell' for example would leak the socket that's
connected to the daemon.
* guix/store.scm (open-unix-domain-socket, open-inet-socket): Pass
SOCK_CLOEXEC to 'socket'.
* tests/guix-shell.sh: Add test.
Diffstat (limited to 'guix')
-rw-r--r-- | guix/store.scm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/guix/store.scm b/guix/store.scm
index e52aa420d9..4d21c5ff1a 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -457,7 +457,7 @@ '&store-connection-error' upon error."
 (let ((s (with-fluids ((%default-port-encoding #f))
 ;; This trick allows use of the `scm_c_read' optimization.
- (socket PF_UNIX SOCK_STREAM 0)))
+ (socket PF_UNIX (logior SOCK_STREAM SOCK_CLOEXEC) 0)))
 (a (make-socket-address PF_UNIX file)))
 (system-error-to-connection-error file
@@ -485,7 +485,7 @@ ((ai rest ...)
 (let ((s (socket (addrinfo:fam ai)
 ;; TCP/IP only
- SOCK_STREAM IPPROTO_IP)))
+ (logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP)))
 (catch 'system-error
 (lambda () |
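Review bot: Nothing at either `socket` call records why `SOCK_CLOEXEC` is OR-ed into the socket type, so a later cleanup could drop the flag and the daemon connection would again be inherited by every program the client execs. In the first hunk, a comment directly above the call, such as `;; SOCK_CLOEXEC: do not leak the daemon connection to exec'd children.`, would pin the invariant; the same comment fits the `socket` call in the second hunk. Setting the flag at creation rather than with a later `fcntl` is the right form, since it leaves no window in which a concurrent fork and exec could inherit the descriptor. Any connection path that does not go through these two calls is not visible in this diff and may deserve the same check. Both enclosing definitions start and end outside the hunks shown.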