picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

util: when sealing memfds, also use F_SEAL_SEAL

Browse source 
Let's be strict here, since its better to be safe than sorry.
This commit is contained in:
Lennart Poettering 2014-11-04 18:52:31 +01:00
parent 936c200f6c
commit db74cc0d47
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/shared/memfd-util.c
View file

@ -101,7 +101,7 @@ int memfd_set_sealed(int fd) {
assert(fd >= 0); assert(fd >= 0);
r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE); r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
if (r < 0) if (r < 0)
return -errno; return -errno;
@ -117,8 +117,7 @@ int memfd_get_sealed(int fd) {
if (r < 0) if (r < 0)
return -errno; return -errno;
return (r & (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)) == return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
(F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
} }
int memfd_get_size(int fd, uint64_t *sz) { int memfd_get_size(int fd, uint64_t *sz) {