summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-03-02 20:34:37 +0100
committerLudovic Courtès <ludo@gnu.org>2015-03-02 20:34:37 +0100
commit16c33bfb073d5fd0ba45c0db9daa386c482cc99e (patch)
treec306614386c33d250722dfd0bf7414e4e109b165 /gnu/services
parent1204c5100e1a5985a2e320ebe816137659053077 (diff)
downloadguix-16c33bfb073d5fd0ba45c0db9daa386c482cc99e.tar.gz
services: xorg: Fix file descriptor leak from SLiM/xinitrc.
This reverts commit 9515b745547cff08ad5b958bc54323dab19f29b9.

* gnu/services/xorg.scm (xinitrc)[builder](close-all-fdes): Start from
  file descriptor 3.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/xorg.scm12
1 files changed, 12 insertions, 0 deletions
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 69a89584e0..562f57ffa0 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -155,6 +155,13 @@ which should be passed to this script as the first argument.  If not, the
     #~(begin
         (use-modules (ice-9 match))
 
+        (define (close-all-fdes)
+          ;; Close all the open file descriptors except 0 to 2.
+          (let loop ((fd 3))
+            (when (< fd 4096)               ;FIXME: use sysconf + _SC_OPEN_MAX
+              (false-if-exception (close-fdes fd))
+              (loop (+ 1 fd)))))
+
         (define (exec-from-login-shell command . args)
           ;; Run COMMAND from a login shell so that it gets to see the same
           ;; environment variables that one gets when logging in on a tty, for
@@ -163,6 +170,11 @@ which should be passed to this script as the first argument.  If not, the
                  (shell (passwd:shell pw))
                  (st    (stat command #f)))
             (when (and st (not (zero? (logand (stat:mode st) #o100))))
+              ;; Close any open file descriptors.  This is all the more
+              ;; important that SLiM itself exec's us directly without closing
+              ;; its own file descriptors!
+              (close-all-fdes)
+
               ;; The '--login' option is supported at least by Bash and zsh.
               (execl shell shell "--login" "-c"
                      (string-join (cons command args))))))