util: when sealing memfds, also use F_SEAL_SEAL
Let's be strict here, since its better to be safe than sorry.
This commit is contained in:
parent
936c200f6c
commit
db74cc0d47
|
@ -101,7 +101,7 @@ int memfd_set_sealed(int fd) {
|
||||||
|
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
|
|
||||||
r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
|
r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
|
@ -117,8 +117,7 @@ int memfd_get_sealed(int fd) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
return (r & (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)) ==
|
return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
|
||||||
(F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int memfd_get_size(int fd, uint64_t *sz) {
|
int memfd_get_size(int fd, uint64_t *sz) {
|
||||||
|
|
Loading…
Reference in a new issue