Use /proc/self/fd to efficiently close all FDs on Linux

Issue #1506.

src/libstore/build.cc

@@ -2556,7 +2556,7 @@ void DerivationGoal::runChild()
             throw SysError(format("changing into '%1%'") % tmpDir);
 
         /* Close all other file descriptors. */
-        closeMostFDs(set<int>());
+        closeMostFDs({STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO});
 
 #if __linux__
         /* Change the personality to 32-bit if we're doing an

src/libutil/util.cc

@@ -310,6 +310,7 @@ string readLine(int fd)
     while (1) {
         checkInterrupt();
         char ch;
+        // FIXME: inefficient
         ssize_t rd = read(fd, &ch, 1);
         if (rd == -1) {
             if (errno != EINTR)
@@ -962,11 +963,24 @@ string runProgram(Path program, bool searchPath, const Strings & args,
 
 void closeMostFDs(const set<int> & exceptions)
 {
+#if __linux__
+    try {
+        for (auto & s : readDirectory("/proc/self/fd")) {
+            auto fd = std::stoi(s.name);
+            if (!exceptions.count(fd)) {
+                debug("closing leaked FD %d", fd);
+                close(fd);
+            }
+        }
+        return;
+    } catch (SysError &) {
+    }
+#endif
+
     int maxFD = 0;
     maxFD = sysconf(_SC_OPEN_MAX);
     for (int fd = 0; fd < maxFD; ++fd)
-        if (fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
+        if (!exceptions.count(fd))
-            && exceptions.find(fd) == exceptions.end())
             close(fd); /* ignore result */
 }
 

src/libutil/util.hh

@@ -261,8 +261,8 @@ public:
    list of strings. */
 std::vector<char *> stringsToCharPtrs(const Strings & ss);
 
-/* Close all file descriptors except stdin, stdout, stderr, and those
+/* Close all file descriptors except those listed in the given set.
-   listed in the given set.  Good practice in child processes. */
+   Good practice in child processes. */
 void closeMostFDs(const set<int> & exceptions);
 
 /* Set the close-on-exec flag for the given file descriptor. */