[shepherd] 03/04: Update 'NEWS'.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[shepherd] 03/04: Update 'NEWS'.

From:	Ludovic Courtès
Subject:	[shepherd] 03/04: Update 'NEWS'.
Date:	Sat, 10 Sep 2022 17:05:49 -0400 (EDT)

civodul pushed a commit to branch master
in repository shepherd.

commit c7d6855f2f8ecc6ba087901793d8678189bd8b5d
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Sep 10 17:47:31 2022 +0200

    Update 'NEWS'.
---
 NEWS | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/NEWS b/NEWS
index 3798b31..1a1aa67 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,35 @@ Copyright © 2013-2014, 2016, 2018-2020, 2022 Ludovic Courtès 
<ludo@gnu.org>
 
 Please send Shepherd bug reports to bug-guix@gnu.org.
 
+* Changes in version 0.9.2
+** File descriptors used internally are now all marked as close-on-exec
+
+Previously, services started indirectly with ‘exec-command’ (which is usually
+the case) would not inherit any file descriptor from shepherd because
+‘exec-command’ would explicitly close all of them.  However, services started
+with ‘make-system-constructor’ and processes created by some other means, such
+as calling ‘system*’, would inherit some of those descriptors, giving them
+more authority than intended.
+
+The change here consists in marking all internally-used file descriptors as
+“close-on-exec” (O_CLOEXEC), a feature that’s been available on GNU/Linux and
+GNU/Hurd for years but that so far wasn’t used consistently in shepherd.  This
+is now fixed.  As a side-effect, the file-descriptor-closing loop in
+‘exec-command’ is now gone.
+
+** Client connections with ‘herd’ are non-blocking
+
+Previously, a misbehaving client could send an incomplete command
+(s-expression), causing shepherd to hang while waiting for completion.  (Note
+that said client is required to run with the same UID as shepherd, so this was
+not a security issue.)
+
+** Directory of log file is created if it doesn’t exist
+
+When a service constructor is passed ‘#:log-file "/var/log/foo/bar.log"’,
+shepherd now created /var/log/foo if it doesn’t exist; previously it would
+fail gracelessly.
+
 * Changes in version 0.9.1
 ** ‘make-inetd-constructor’ now accepts a list of endpoints

[Prev in Thread]

Current Thread

[Next in Thread]

[shepherd] branch master updated (2c03542 -> 4740dcf), Ludovic Courtès, 2022/09/10
- [shepherd] 02/04: doc: Format 'make-inetd-constructor' documentation correctly., Ludovic Courtès, 2022/09/10
- [shepherd] 03/04: Update 'NEWS'., Ludovic Courtès <=
- [shepherd] 01/04: tests: Make file descriptor count deterministic., Ludovic Courtès, 2022/09/10
- [shepherd] 04/04: build: Bump to version 0.9.2., Ludovic Courtès, 2022/09/10

Prev by Date: [shepherd] 02/04: doc: Format 'make-inetd-constructor' documentation correctly.
Next by Date: [shepherd] 01/04: tests: Make file descriptor count deterministic.
Previous by thread: [shepherd] 02/04: doc: Format 'make-inetd-constructor' documentation correctly.
Next by thread: [shepherd] 01/04: tests: Make file descriptor count deterministic.
Index(es):
- Date
- Thread