basic/memfd: drop test for F_SEAL_SEAL

With `F_SEAL_SEAL` a memfd can disable further sealing operations,
effectively sealing the set of seals. Testing for it ensures that no
further seals can be added, it never prevents seals from being dropped,
since seals cannot be dropped, ever.

Now testing for `F_SEAL_SEAL` makes sense if you want to ensure that
some seals are *not* set. That is, you either test for the entire set of
seals to match a local set, or you verify that a specific seal is not
set. Neither is what we are doing, so it feels wrong requiring it to be
set.

By dropping the requirement for `F_SEAL_SEAL`, the same FD can be shared
with other entities while retaining the ability to further restrict the
set of seals later on (e.g., being able to mark a region as executable
later on, and then adding `F_SEAL_EXEC`).

diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c
index 8e6946642b7b4e5809592bf1a380925a37d39efd..c4e36b0ad454d3623a90aad5d7fa8f9eea6f8f99 100644 (file)
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@@ -113,7 +113,7 @@ int memfd_get_sealed(int fd) {
                 return -errno;
 
         /* We ignore F_SEAL_EXEC here to support older kernels. */
-        return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
+        return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
 }
 
 int memfd_get_size(int fd, uint64_t *sz) {