From 6abdcef4a68e98f538ab69fde096adc5f5ca4ff4 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Sep 2022 19:20:53 +0200 Subject: linux-container: 'container-excursion*' marks its FDs as FD_CLOEXEC. Fixes . Reported by Mathieu Othacehe . Fixes a regression introduced with the Shepherd 0.9.2 upgrade in 1ba0e38267c9ff8bb476285091be6e297bbf136e, whereby IN and OUT would no longer be closed when 'fork+exec-command/container' would call 'exec-command*' as part of the THUNK passed to 'container-excursion*'. This is because the Shepherd 0.9.2 assumes file descriptors are properly marked as O_CLOEXEC and, consequently, 'exec-command' no longer run the close(2) loop prior to 'exec'. * gnu/build/linux-container.scm (container-excursion*): Add calls to 'fcntl'. --- gnu/build/linux-container.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'gnu/build/linux-container.scm') diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index a0c8174721..73db127974 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2017, 2018, 2019 Ludovic Courtès +;;; Copyright © 2017-2019, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -442,6 +442,10 @@ return the exit status." "Like 'container-excursion', but return the return value of THUNK." (match (pipe) ((in . out) + ;; Make sure IN and OUT are not inherited if THUNK forks + execs. + (fcntl in F_SETFD FD_CLOEXEC) + (fcntl out F_SETFD FD_CLOEXEC) + (match (container-excursion pid (lambda () (close-port in) -- cgit 1.4.1