summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--guix/store.scm4
-rw-r--r--tests/guix-shell.sh10
2 files changed, 12 insertions, 2 deletions
diff --git a/guix/store.scm b/guix/store.scm
index e52aa420d9..4d21c5ff1a 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -457,7 +457,7 @@
 '&store-connection-error' upon error."
   (let ((s (with-fluids ((%default-port-encoding #f))
              ;; This trick allows use of the `scm_c_read' optimization.
-             (socket PF_UNIX SOCK_STREAM 0)))
+             (socket PF_UNIX (logior SOCK_STREAM SOCK_CLOEXEC) 0)))
         (a (make-socket-address PF_UNIX file)))
 
     (system-error-to-connection-error file
@@ -485,7 +485,7 @@
       ((ai rest ...)
        (let ((s (socket (addrinfo:fam ai)
                         ;; TCP/IP only
-                        SOCK_STREAM IPPROTO_IP)))
+                        (logior SOCK_STREAM SOCK_CLOEXEC) IPPROTO_IP)))
 
          (catch 'system-error
            (lambda ()
diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh
index 6340f90574..9a6b055264 100644
--- a/tests/guix-shell.sh
+++ b/tests/guix-shell.sh
@@ -38,6 +38,16 @@ guix shell --bootstrap --pure guile-bootstrap -- guile --version
 # Rejecting unsupported packages.
 ! guix shell -s armhf-linux intelmetool -n
 
+# Test approximately that the child process does not inherit extra file
+# descriptors.  Ideally we'd check there's nothing more than 0, 1, and 2, but
+# we cannot do that because (1) we might be inheriting additional FDs, for
+# example due to <https://issues.guix.gnu.org/57567>, and (2) Bash itself
+# opens a couple of extra FDs.
+initial_fd_list="$(echo /proc/$$/fd/*)"
+fd_list="$(guix shell --bootstrap guile-bootstrap -- \
+		 "$SHELL" -c 'echo /proc/$$/fd/*')"
+test "$(echo $fd_list | wc -w)" -le "$(echo $initial_fd_list | wc -w)"
+
 # Ignoring unauthorized files.
 cat > "$tmpdir/guix.scm" <<EOF
 This is a broken guix.scm file.