diff options
-rw-r--r-- | guix/store.scm | 4 | ||||
-rw-r--r-- | tests/guix-shell.sh | 10 |
2 files changed, 12 insertions, 2 deletions
diff --git a/guix/store.scm b/guix/store.scm index e52aa420d9..4d21c5ff1a 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -457,7 +457,7 @@ '&store-connection-error' upon error." (let ((s (with-fluids ((%default-port-encoding #f)) ;; This trick allows use of the `scm_c_read' optimization. - (socket PF_UNIX SOCK_STREAM 0))) + (socket PF_UNIX (logior SOCK_STREAM SOCK_CLOEXEC) 0))) (a (make-socket-address PF_UNIX file))) (system-error-to-connection-error file @@ -485,7 +485,7 @@ ((ai rest ...) (let ((s (socket (addrinfo:fam ai) ;; TCP/IP only - SOCK_STREAM IPPROTO_IP))) + (logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP))) (catch 'system-error (lambda () diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh index 6340f90574..9a6b055264 100644 --- a/tests/guix-shell.sh +++ b/tests/guix-shell.sh @@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile --version # Rejecting unsupported packages. ! guix shell -s armhf-linux intelmetool -n +# Test approximately that the child process does not inherit extra file +# descriptors. Ideally we'd check there's nothing more than 0, 1, and 2, but +# we cannot do that because (1) we might be inheriting additional FDs, for +# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself +# opens a couple of extra FDs. +initial_fd_list="$(echo /proc/$$/fd/*)" +fd_list="$(guix shell --bootstrap guile-bootstrap -- \ + "$SHELL" -c 'echo /proc/$$/fd/*')" +test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)" + # Ignoring unauthorized files. cat > "$tmpdir/guix.scm" <<EOF This is a broken guix.scm file. |