GNU bug report logs - #78757
shepherd: dangling file descriptor to /dev/console

Previous Next

Package: guix;

Reported by: burban <at> opopop.net

Date: Wed, 11 Jun 2025 14:55:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#78757: closed (shepherd: dangling file descriptor to
 /dev/console)
Date: Mon, 16 Jun 2025 13:38:08 +0000

[Message part 1 (text/plain, inline)]
Your message dated Mon, 16 Jun 2025 15:35:19 +0200
with message-id <87ldprdd2g.fsf <at> gnu.org>
and subject line Re: bug#78757: shepherd: dangling file descriptor to /dev/console
has caused the debbugs.gnu.org bug report #78757,
regarding shepherd: dangling file descriptor to /dev/console
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
78757: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78757
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: burban <at> opopop.net
To: bug-guix <at> gnu.org
Subject: shepherd: dangling file descriptor to /dev/console
Date: Tue, 10 Jun 2025 20:31:51 +0000

Hello,

All shepherd children have an open file descriptor to /dev/console,
probably because of the use of dup2 (and not dup3) in system.scm.

The pb. disapears if I force that flag with that code before I define
my services (context: shepherd used as init system on Debian):
(port-for-each (lambda (x)
                 (catch #t
		   (lambda ()
		     (when (= (fcntl x F_GETFD) 0)
		       (fcntl x F_SETFD FD_CLOEXEC)
		       (format #t "FD_CLOEXEC flag set on port ~a (fd: ~a)\n" x (port->fdes x))))
		   (lambda (keys . args) (format #t "fcntl error for port ~a\n" x)))
		 ))


Sincerely.

-- 

Bernard




[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: burban <at> opopop.net
Cc: 78757-done <at> debbugs.gnu.org
Subject: Re: bug#78757: shepherd: dangling file descriptor to /dev/console
Date: Mon, 16 Jun 2025 15:35:19 +0200

Hi,

burban <at> opopop.net writes:

>> ‘shepherd’ marks all previously-opened FDs as O_CLOEXEC upfront—see
>> ‘mark-as-close-on-exec’ in ‘shepherd.scm’.  Those opened later are
>> opened with O_CLOEXEC, except for user code that explicitly omits the
>> O_CLOEXEC flag.
>
> Hmmm.... I have at one point (before the above (port-for-each ...)
>
> (define *s* (open-output-file "/proc/self/fd/1"))
>
> to have an early log output to (on ordinary PC) /dev/tty1. But maybe /dev/tty1
> is a synonym for /dev/console. Let's test that:
>
> (fileno *s*) returns 19 indeed! Now all I have to do is (fcntl *s*
> F_SETFD FD_CLOEXEC) after creating *s*.

Ah yes, it’s easy to shot oneself in the foot.  ;-)

To reduce the risks, ‘shepherd’ replaces ‘call-with-input-file’ and
‘call-with-output-file’ with O_CLOEXEC variants (commit
47c693d51a991e9a3d5ed6e75760c61e329cc537) because it wouldn’t make much
sense to not have O_CLOEXEC for these.  However, the other procedures
are left unchanged because users might need it.

> So you can close that ticket.

Thanks,
Ludo’.
This bug report was last modified 2 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.