GNU bug report logs - #78757
shepherd: dangling file descriptor to /dev/console

Previous Next

Package: guix;

Reported by: burban <at> opopop.net

Date: Wed, 11 Jun 2025 14:55:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#78757: closed (shepherd: dangling file descriptor to
 /dev/console)
Date: Mon, 16 Jun 2025 13:38:08 +0000

[Message part 1 (text/plain, inline)]
Your message dated Mon, 16 Jun 2025 15:35:19 +0200
with message-id <87ldprdd2g.fsf <at> gnu.org>
and subject line Re: bug#78757: shepherd: dangling file descriptor to /dev/console
has caused the debbugs.gnu.org bug report #78757,
regarding shepherd: dangling file descriptor to /dev/console
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
78757: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78757
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: burban <at> opopop.net
To: bug-guix <at> gnu.org
Subject: shepherd: dangling file descriptor to /dev/console
Date: Tue, 10 Jun 2025 20:31:51 +0000

Hello,

All shepherd children have an open file descriptor to /dev/console,
probably because of the use of dup2 (and not dup3) in system.scm.

The pb. disapears if I force that flag with that code before I define
my services (context: shepherd used as init system on Debian):
(port-for-each (lambda (x)
                 (catch #t
		   (lambda ()
		     (when (= (fcntl x F_GETFD) 0)
		       (fcntl x F_SETFD FD_CLOEXEC)
		       (format #t "FD_CLOEXEC flag set on port ~a (fd: ~a)\n" x (port->fdes x))))
		   (lambda (keys . args) (format #t "fcntl error for port ~a\n" x)))
		 ))


Sincerely.

-- 

Bernard




[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: burban <at> opopop.net
Cc: 78757-done <at> debbugs.gnu.org
Subject: Re: bug#78757: shepherd: dangling file descriptor to /dev/console
Date: Mon, 16 Jun 2025 15:35:19 +0200

Hi,

burban <at> opopop.net writes:

>> ‘shepherd’ marks all previously-opened FDs as O_CLOEXEC upfront—see
>> ‘mark-as-close-on-exec’ in ‘shepherd.scm’.  Those opened later are
>> opened with O_CLOEXEC, except for user code that explicitly omits the
>> O_CLOEXEC flag.
>
> Hmmm.... I have at one point (before the above (port-for-each ...)
>
> (define *s* (open-output-file "/proc/self/fd/1"))
>
> to have an early log output to (on ordinary PC) /dev/tty1. But maybe /dev/tty1
> is a synonym for /dev/console. Let's test that:
>
> (fileno *s*) returns 19 indeed! Now all I have to do is (fcntl *s*
> F_SETFD FD_CLOEXEC) after creating *s*.

Ah yes, it’s easy to shot oneself in the foot.  ;-)

To reduce the risks, ‘shepherd’ replaces ‘call-with-input-file’ and
‘call-with-output-file’ with O_CLOEXEC variants (commit
47c693d51a991e9a3d5ed6e75760c61e329cc537) because it wouldn’t make much
sense to not have O_CLOEXEC for these.  However, the other procedures
are left unchanged because users might need it.

> So you can close that ticket.

Thanks,
Ludo’.
This bug report was last modified 29 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.