From 491dd62b38e1772f3e50de58118d9b9ac97272ff Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Mon, 12 Sep 2022 14:32:21 +0200
Subject: secret-service: Mark sockets as SOCK_CLOEXEC.

* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
---
 gnu/build/secret-service.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu/build')

diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm
index 1baa058635..b362b901be 100644
--- a/gnu/build/secret-service.scm
+++ b/gnu/build/secret-service.scm
@@ -119,7 +119,7 @@ wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete.  Return
                 files)))
 
   (log "sending secrets to ~a~%" port)
-  (let ((sock (socket AF_INET SOCK_STREAM 0))
+  (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0))
         (addr (make-socket-address AF_INET INADDR_LOOPBACK port))
         (sleep (if (resolve-module '(fibers) #f)
                    (module-ref (resolve-interface '(fibers)) 'sleep)
@@ -177,7 +177,7 @@ and #f otherwise."
     ;; Wait for a TCP connection on PORT.  Note: We cannot use the
     ;; virtio-serial ports, which would be safer, because they are
     ;; (presumably) unsupported on GNU/Hurd.
-    (let ((sock (socket AF_INET SOCK_STREAM 0)))
+    (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0)))
       (bind sock AF_INET INADDR_ANY port)
       (listen sock 1)
       (log "waiting for secrets on port ~a...~%" port)
-- 
cgit v1.2.3