return memfd_create_wrapper(name, MFD_ALLOW_SEALING | MFD_CLOEXEC | MFD_NOEXEC_SEAL);
}
+int memfd_add_seals(int fd, unsigned int seals) {
+ assert(fd >= 0);
+
+ return RET_NERRNO(fcntl(fd, F_ADD_SEALS, seals));
+}
+
+int memfd_get_seals(int fd, unsigned int *ret_seals) {
+ int r;
+
+ assert(fd >= 0);
+
+ r = RET_NERRNO(fcntl(fd, F_GET_SEALS));
+ if (r < 0)
+ return r;
+
+ if (ret_seals)
+ *ret_seals = r;
+ return 0;
+}
+
int memfd_map(int fd, uint64_t offset, size_t size, void **p) {
void *q;
int sealed;
}
int memfd_set_sealed(int fd) {
- assert(fd >= 0);
-
- return RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE));
+ return memfd_add_seals(fd, F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
}
int memfd_get_sealed(int fd) {
+ unsigned int seals;
int r;
- assert(fd >= 0);
-
- r = fcntl(fd, F_GET_SEALS);
+ r = memfd_get_seals(fd, &seals);
if (r < 0)
- return -errno;
+ return r;
/* We ignore F_SEAL_EXEC here to support older kernels. */
- return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+ return FLAGS_SET(seals, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
}
int memfd_get_size(int fd, uint64_t *sz) {
int memfd_new_and_map(const char *name, size_t sz, void **p);
int memfd_new_and_seal(const char *name, const void *data, size_t sz);
+int memfd_add_seals(int fd, unsigned int seals);
+int memfd_get_seals(int fd, unsigned int *ret_seals);
int memfd_map(int fd, uint64_t offset, size_t size, void **p);
int memfd_set_sealed(int fd);
projects / thirdparty / systemd.git / commitdiff
