secret-service: Mark sockets as SOCK_CLOEXEC.

* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
This commit is contained in:
Ludovic Courtès 2022-09-12 14:32:21 +02:00
parent 66fdaf3677
commit 491dd62b38
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5

@ -119,7 +119,7 @@ wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return
files)))
(log "sending secrets to ~a~%" port)
(let ((sock (socket AF_INET SOCK_STREAM 0))
(let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0))
(addr (make-socket-address AF_INET INADDR_LOOPBACK port))
(sleep (if (resolve-module '(fibers) #f)
(module-ref (resolve-interface '(fibers)) 'sleep)
@ -177,7 +177,7 @@ and #f otherwise."
;; Wait for a TCP connection on PORT. Note: We cannot use the
;; virtio-serial ports, which would be safer, because they are
;; (presumably) unsupported on GNU/Hurd.
(let ((sock (socket AF_INET SOCK_STREAM 0)))
(let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0)))
(bind sock AF_INET INADDR_ANY port)
(listen sock 1)
(log "waiting for secrets on port ~a...~%" port)