author | Lennart Poettering <lennart@poettering.net> | 2014-11-04 18:52:31 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-11-04 18:52:34 +0100 |
commit | db74cc0d4748f08d2c7c2e9cf82dce9ffce9c36b (patch) | |
tree | 41b9a2ff9ad1764d04a795f267174ed18f04f8a8 | |
parent | 936c200f6cc62f62f347b0e3cbfbf2355a44a17c (diff) |
util: when sealing memfds, also use F_SEAL_SEAL
Let's be strict here, since it's better to be safe than sorry.
-rw-r--r-- | src/shared/memfd-util.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/shared/memfd-util.c b/src/shared/memfd-util.c
index 21ecf4b32b..6624c5e7db 100644
--- a/src/shared/memfd-util.c
+++ b/src/shared/memfd-util.c
@@ -101,7 +101,7 @@ int memfd_set_sealed(int fd) {
 assert(fd >= 0);
- r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+ r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
 if (r < 0)
 return -errno;
@@ -117,8 +117,7 @@ int memfd_get_sealed(int fd) {
 if (r < 0)
 return -errno;
- return (r & (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)) ==
- (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+ return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
 }
 int memfd_get_size(int fd, uint64_t *sz) { |
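Review bot: With F_SEAL_SEAL added to the mask on the `fcntl(fd, F_ADD_SEALS, ...)` line, memfd_set_sealed() becomes a one-shot operation: per fcntl(2), once F_SEAL_SEAL is set every later F_ADD_SEALS on that file fails with EPERM. A second call on the same memfd, or a call on an fd that was received already fully sealed, will therefore return -EPERM where the old mask would normally have succeeded. That strictness looks intended, but it should be documented at the call, for example `/* F_SEAL_SEAL makes the seal set final; any later F_ADD_SEALS on this fd fails with EPERM */`. Callers that can see pre-sealed fds should test memfd_get_sealed() first. The function starts and ends outside this hunk.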
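Review bot: The new `return r == (...)` in memfd_get_sealed() compares the whole seal word for exact equality, so an fd that carries these four seals plus any further seal bit is reported as not sealed even though it is at least as restricted. The removed code was a subset test, and keeping that form with the wider mask avoids the false negative: `const int seals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL;` followed by `return (r & seals) == seals;`. If rejecting unknown seal bits is deliberate, a one-line comment saying so would keep the next reader from "fixing" it. The start of the function is outside this hunk.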