summary refs log tree commit diff
path: root/gnu/services/shepherd.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2018-12-18 14:51:56 +0100
committerLudovic Courtès <ludo@gnu.org>2018-12-18 16:04:26 +0100
commit6ea6e1476ff4a18d4b4b864c3065d18ed99c69af (patch)
tree00cb5c5767ae74f8f6c5f22f4ba949206db81157 /gnu/services/shepherd.scm
parent65c8a043709e9e13f814211bba98c57eb00d9620 (diff)
downloadguix-6ea6e1476ff4a18d4b4b864c3065d18ed99c69af.tar.gz
file-systems: Spawn a REPL only when interaction is possible.
Fixes <https://bugs.gnu.org/23697>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

* gnu/build/file-systems.scm (check-file-system): Call 'start-repl' only
if current-input-port passes 'isatty?'.
* gnu/services/shepherd.scm (shepherd-configuration-file): After
'for-each' expression, call 'redirect-port'.
* gnu/tests/base.scm (run-basic-test)["stdin is /dev/null"]: New test.
Diffstat (limited to 'gnu/services/shepherd.scm')
-rw-r--r--gnu/services/shepherd.scm12
1 files changed, 11 insertions, 1 deletions
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 49d08cc30f..12d649f542 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -281,7 +281,17 @@ stored."
                             (start service)))
                         '#$(append-map shepherd-service-provision
                                        (filter shepherd-service-auto-start?
-                                               services)))))))
+                                               services)))
+
+              ;; Hang up stdin.  At this point, we assume that 'start' methods
+              ;; that required user interaction on the console (e.g.,
+              ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have
+              ;; completed.  User interaction becomes impossible after this
+              ;; call; this avoids situations where services wrongfully lead
+              ;; PID 1 to read from stdin (the console), which users may not
+              ;; have access to (see <https://bugs.gnu.org/23697>).
+              (redirect-port (open-input-file "/dev/null")
+                             (current-input-port))))))
 
     (scheme-file "shepherd.conf" config)))