Merge pull request #27659 from yuwata/memfd-seal

memfd-util: handle F_SEAL_EXEC flag
2025-01-26 14:04:03 +03:00 · 2023-05-16 22:00:57 +08:00 · 2023-05-16 22:00:57 +08:00 · 329f4b06f5
commit 329f4b06f5
parent 0313c41068 3418ca21ed
4 changed files with 48 additions and 2 deletions
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@ -92,9 +92,15 @@ int memfd_map(int fd, uint64_t offset, size_t size, void **p) {
 }

 int memfd_set_sealed(int fd) {
+        int r;
+
        assert(fd >= 0);

-        return RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL));
+        r = RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_EXEC | F_SEAL_SEAL));
+        if (r == -EINVAL) /* old kernel ? */
+                r = RET_NERRNO(fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL));
+
+        return r;
 }

 int memfd_get_sealed(int fd) {
@ -106,7 +112,8 @@ int memfd_get_sealed(int fd) {
        if (r < 0)
                return -errno;

-        return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
+        /* We ignore F_SEAL_EXEC here to support older kernels. */
+        return FLAGS_SET(r, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
 }

 int memfd_get_size(int fd, uint64_t *sz) {
--- a/src/basic/missing_fcntl.h
+++ b/src/basic/missing_fcntl.h
@ -25,6 +25,14 @@
 #define F_SEAL_WRITE    0x0008  /* prevent writes */
 #endif

+#ifndef F_SEAL_FUTURE_WRITE
+#define F_SEAL_FUTURE_WRITE 0x0010 /* prevent future writes while mapped */
+#endif
+
+#ifndef F_SEAL_EXEC
+#define F_SEAL_EXEC     0x0020  /* prevent chmod modifying exec bits */
+#endif
+
 #ifndef F_OFD_GETLK
 #define F_OFD_GETLK     36
 #define F_OFD_SETLK     37
--- a/src/test/meson.build
+++ b/src/test/meson.build
@ -112,6 +112,7 @@ simple_tests += files(
        'test-log.c',
        'test-logarithm.c',
        'test-macro.c',
+        'test-memfd-util.c',
        'test-memory-util.c',
        'test-mempool.c',
        'test-mkdir.c',
--- a/src/test/test-memfd-util.c
+++ b/src/test/test-memfd-util.c
@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <unistd.h>
+
+#include "errno-util.h"
+#include "fd-util.h"
+#include "memfd-util.h"
+#include "string-util.h"
+#include "tests.h"
+
+TEST(memfd_get_sealed) {
+#define TEST_TEXT "this is some random test text we are going to write to a memfd"
+        _cleanup_close_ int fd = -EBADF;
+
+        fd = memfd_new("test-memfd-get-sealed");
+        if (fd < 0) {
+                assert_se(ERRNO_IS_NOT_SUPPORTED(fd));
+                return;
+        }
+
+        assert_se(write(fd, TEST_TEXT, strlen(TEST_TEXT)) == strlen(TEST_TEXT));
+        /* we'll leave the read offset at the end of the memfd, the fdopen_independent() descriptors should
+         * start at the beginning anyway */
+
+        assert_se(memfd_get_sealed(fd) == 0);
+        assert_se(memfd_set_sealed(fd) >= 0);
+        assert_se(memfd_get_sealed(fd) > 0);
+}
+
+DEFINE_TEST_MAIN(LOG_DEBUG);