memfd-util: introduce memfd_new_full() helper

This is just like memfd_new(), but allows fine grained control of the sealing flags. This switches over all uses of memfd_new() where we actually want sealing to use memfd_new_full(). This then allows use to use memfd_new() for two further calls, where we previously used the more lowlevel memfd_create_wrapper().
2025-01-09 01:18:19 +03:00 · 2024-12-16 11:28:46 +01:00 · 2024-12-16 11:28:46 +01:00 · 4d98709cb2
commit 4d98709cb2
parent 9b1d97cccd
7 changed files with 19 additions and 9 deletions
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@ -41,7 +41,7 @@ int memfd_create_wrapper(const char *name, unsigned mode) {
        return RET_NERRNO(memfd_create(name, mode_compat));
 }

-int memfd_new(const char *name) {
+int memfd_new_full(const char *name, unsigned extra_flags) {
        _cleanup_free_ char *g = NULL;

        if (!name) {
@ -70,7 +70,9 @@ int memfd_new(const char *name) {
                }
        }

-        return memfd_create_wrapper(name, MFD_ALLOW_SEALING | MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        return memfd_create_wrapper(
+                        name,
+                        MFD_CLOEXEC | MFD_NOEXEC_SEAL | extra_flags);
 }

 int memfd_add_seals(int fd, unsigned int seals) {
@ -183,7 +185,7 @@ int memfd_new_and_seal(const char *name, const void *data, size_t sz) {
        if (sz == SIZE_MAX)
                sz = strlen(data);

-        fd = memfd_new(name);
+        fd = memfd_new_full(name, MFD_ALLOW_SEALING);
        if (fd < 0)
                return fd;

--- a/src/basic/memfd-util.h
+++ b/src/basic/memfd-util.h
@ -8,8 +8,13 @@

 int memfd_create_wrapper(const char *name, unsigned mode);

-int memfd_new(const char *name);
+int memfd_new_full(const char *name, unsigned extra_flags);
+static inline int memfd_new(const char *name) {
+        return memfd_new_full(name, 0);
+}
+
 int memfd_new_and_map(const char *name, size_t sz, void **p);
+
 int memfd_new_and_seal(const char *name, const void *data, size_t sz);
 static inline int memfd_new_and_seal_string(const char *name, const char *s) {
        return memfd_new_and_seal(name, s, SIZE_MAX);
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@ -1271,7 +1271,7 @@ static int home_start_work(

        log_debug("Sending to worker: %s", formatted);

-        stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        stdout_fd = memfd_new("homework-stdout");
        if (stdout_fd < 0)
                return stdout_fd;

--- a/src/libsystemd/sd-journal/journal-send.c
+++ b/src/libsystemd/sd-journal/journal-send.c
@ -22,6 +22,7 @@
 #include "iovec-util.h"
 #include "journal-send.h"
 #include "memfd-util.h"
+#include "missing_mman.h"
 #include "missing_syscall.h"
 #include "process-util.h"
 #include "socket-util.h"
@ -313,7 +314,7 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) {

        /* Message doesn't fit... Let's dump the data in a memfd or temporary file and just pass a file
         * descriptor of it to the other side. */
-        buffer_fd = memfd_new("journal-data");
+        buffer_fd = memfd_new_full("journal-data", MFD_ALLOW_SEALING);
        if (buffer_fd < 0)
                return buffer_fd;

--- a/src/shared/data-fd-util.c
+++ b/src/shared/data-fd-util.c
@ -57,7 +57,7 @@ int copy_data_fd(int fd) {
        if (!S_ISREG(st.st_mode) || (uint64_t) st.st_size < DATA_FD_MEMORY_LIMIT) {

                /* Try a memfd first */
-                copy_fd = memfd_new("data-fd");
+                copy_fd = memfd_new_full("data-fd", MFD_ALLOW_SEALING);
                if (copy_fd < 0)
                        return copy_fd;

--- a/src/shared/serialize.c
+++ b/src/shared/serialize.c
@ -547,8 +547,9 @@ void deserialize_ratelimit(RateLimit *rl, const char *name, const char *value) {
 }

 int open_serialization_fd(const char *ident) {
+        assert(ident);

-        int fd = memfd_create_wrapper(ident, MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        int fd = memfd_new(ident);
        if (fd < 0)
                return fd;

--- a/src/test/test-memfd-util.c
+++ b/src/test/test-memfd-util.c
@ -5,6 +5,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "memfd-util.h"
+#include "missing_mman.h"
 #include "string-util.h"
 #include "tests.h"

@ -12,7 +13,7 @@ TEST(memfd_get_sealed) {
 #define TEST_TEXT "this is some random test text we are going to write to a memfd"
        _cleanup_close_ int fd = -EBADF;

-        fd = memfd_new("test-memfd-get-sealed");
+        fd = memfd_new_full("test-memfd-get-sealed", MFD_ALLOW_SEALING);
        if (fd < 0) {
                assert_se(ERRNO_IS_NOT_SUPPORTED(fd));
                return;