summary refs log tree commit diff
path: root/tests
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2022-09-04 16:04:31 +0200
committerLudovic Courtès <ludo@gnu.org>2022-09-04 23:10:10 +0200
commit7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892 (patch)
tree76986fb2c92589dc53d21ddd73001d72af855774 /tests
parent2028419e30719e3f1f7aca3d4531f1686c3ebb62 (diff)
downloadguix-7a2acbdc5a9eed7c5dc3fe947f54fbebd89c0892.tar.gz
store: Open daemon connections with SOCK_CLOEXEC.
Previously, 'guix shell' for example would leak the socket that's
connected to the daemon.

* guix/store.scm (open-unix-domain-socket, open-inet-socket): Pass
SOCK_CLOEXEC to 'socket'.
* tests/guix-shell.sh: Add test.
Diffstat (limited to 'tests')
-rw-r--r--tests/guix-shell.sh10
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh
index 6340f90574..9a6b055264 100644
--- a/tests/guix-shell.sh
+++ b/tests/guix-shell.sh
@@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile --version
 # Rejecting unsupported packages.
 ! guix shell -s armhf-linux intelmetool -n
 
+# Test approximately that the child process does not inherit extra file
+# descriptors.  Ideally we'd check there's nothing more than 0, 1, and 2, but
+# we cannot do that because (1) we might be inheriting additional FDs, for
+# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself
+# opens a couple of extra FDs.
+initial_fd_list="$(echo /proc/$$/fd/*)"
+fd_list="$(guix shell --bootstrap guile-bootstrap -- \
+		 "$SHELL" -c 'echo /proc/$$/fd/*')"
+test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)"
+
 # Ignoring unauthorized files.
 cat > "$tmpdir/guix.scm" <<EOF
 This is a broken guix.scm file.