[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[shepherd] 07/10: service: Mark systemd listening sockets as SOCK_CLOEXE
|
From: |
Ludovic Courtès |
|
Subject: |
[shepherd] 07/10: service: Mark systemd listening sockets as SOCK_CLOEXEC. |
|
Date: |
Wed, 7 Sep 2022 17:19:10 -0400 (EDT) |
civodul pushed a commit to branch master
in repository shepherd.
commit c09657bc7f91fe43e334fadfb8ccfb7efd68b0ae
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Wed Sep 7 22:21:11 2022 +0200
service: Mark systemd listening sockets as SOCK_CLOEXEC.
* modules/shepherd/service.scm (close-on-exec-endpoint): Remove.
(endpoint->listening-socket): Use SOCK_CLOEXEC unconditionally.
(make-inetd-constructor): Remove use of 'close-on-exec-endpoint'.
---
modules/shepherd/service.scm | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index 7b36a1d..5b0ef6c 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -1004,6 +1004,7 @@ false."
(dup2 1 2)
;; Make EXTRA-PORTS available starting from file descriptor 3.
+ ;; This clears their FD_CLOEXEC flag.
(let loop ((fd 3)
(ports extra-ports))
(match ports
@@ -1277,21 +1278,16 @@ permissions for its parent directory."
socket-owner socket-group
socket-directory-permissions))
-(define (close-on-exec-endpoint endpoint)
- "Return ENDPOINT with SOCK_CLOEXEC added to its 'style'."
- (match endpoint
- (($ <endpoint> name address style backlog
- owner group permissions)
- (make-endpoint name address (logior SOCK_CLOEXEC style) backlog
- owner group permissions))))
-
(define (endpoint->listening-socket endpoint)
"Return a listening socket for ENDPOINT."
(match endpoint
(($ <endpoint> name address style backlog
owner group permissions)
+ ;; Make listening sockets SOCK_CLOEXEC: inetd-style services don't pass
+ ;; them to the child process, and systemd-style do pass them but call
+ ;; 'dup2' right before 'exec', thereby clearing this property.
(let* ((sock (socket (sockaddr:fam address)
- (logior SOCK_NONBLOCK style)
+ (logior SOCK_NONBLOCK SOCK_CLOEXEC style)
0))
(owner (if (integer? owner)
owner
@@ -1555,10 +1551,7 @@ rejecting connection from ~:[~a~;~*local process~].")
#:socket-group socket-group
#:socket-directory-permissions
socket-directory-permissions)))))
- (sockets (open-sockets
- ;; Listening sockets are not passed to the child
- ;; process so they can be closed on 'exec'.
- (map close-on-exec-endpoint endpoints))))
+ (sockets (open-sockets endpoints)))
(for-each (lambda (endpoint socket)
(spawn-fiber
(accept-clients (endpoint-address endpoint)
- [shepherd] branch master updated (5c3a618 -> 978e5b4), Ludovic Courtès, 2022/09/07
- [shepherd] 04/10: shepherd: Mark client connection sockets as SOCK_NONBLOCK., Ludovic Courtès, 2022/09/07
- [shepherd] 07/10: service: Mark systemd listening sockets as SOCK_CLOEXEC.,
Ludovic Courtès <=
- [shepherd] 01/10: doc: Update inetd service example., Ludovic Courtès, 2022/09/07
- [shepherd] 09/10: shepherd: Upon startup, mark preexisting file descriptors as FD_CLOEXEC., Ludovic Courtès, 2022/09/07
- [shepherd] 10/10: shepherd: Add test ensuring proper use of close-on-exec., Ludovic Courtès, 2022/09/07
- [shepherd] 02/10: shepherd: Open listening socket as SOCK_NONBLOCK., Ludovic Courtès, 2022/09/07
- [shepherd] 03/10: shepherd: Mark client connection sockets as SOCK_CLOEXEC., Ludovic Courtès, 2022/09/07
- [shepherd] 05/10: system: Add 'pipe2' bindings., Ludovic Courtès, 2022/09/07
- [shepherd] 06/10: service: Mark service logging pipe as O_CLOEXEC., Ludovic Courtès, 2022/09/07
- [shepherd] 08/10: service: Mark inetd connection sockets as SOCK_CLOEXEC., Ludovic Courtès, 2022/09/07