From: David Rheinsberg
Date: Mon, 17 Jul 2023 09:48:50 +0000 (+0200)
Subject: basic/memfd: drop test for F_SEAL_SEAL
X-Git-Tag: v255-rc1~850^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d268b22b25f4a911067b3779f06dce8355af6868;p=thirdparty%2Fsystemd.git

basic/memfd: drop test for F_SEAL_SEAL

With `F_SEAL_SEAL` a memfd can disable further sealing operations, effectively sealing the set of seals. Testing for it ensures that no further seals can be added; it never prevents seals from being dropped, since seals cannot be dropped, ever.

Now testing for `F_SEAL_SEAL` makes sense if you want to ensure that some seals are *not* set. That is, you either test for the entire set of seals to match a local set, or you verify that a specific seal is not set. Neither is what we are doing, so it feels wrong requiring it to be set.

By dropping the requirement for `F_SEAL_SEAL`, the same FD can be shared with other entities while retaining the ability to further restrict the set of seals later on (e.g., being able to mark a region as executable later on, and then adding `F_SEAL_EXEC`).

---
diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c index 8e6946642b7..c4e36b0ad45 100644 --- a/src/basic/memfd-util.c +++ b/src/basic/memfd-util.c @@ -113,7 +113,7 @@ int memfd_get_sealed(int fd) { return -errno; /* We ignore F_SEAL_EXEC here to support older kernels. */ - return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL); + return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE); } int memfd_get_size(int fd, uint64_t *sz) {
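Review bot: the comment above the return in memfd_get_sealed() still explains only the F_SEAL_EXEC omission, so nothing in the code records that F_SEAL_SEAL is now left out on purpose. Suggest extending that comment with the reasoning from the commit message (seals can never be dropped, so requiring F_SEAL_SEAL adds nothing to the shrink/grow/write check), so a later reader does not add the flag back as a presumed oversight. Since the function now returns true for a memfd whose seal set is still open to additions, it is also worth confirming that no caller treats a true result as meaning the set of seals is final.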