summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-04 18:52:31 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-04 18:52:34 +0100
commitdb74cc0d4748f08d2c7c2e9cf82dce9ffce9c36b (patch)
tree41b9a2ff9ad1764d04a795f267174ed18f04f8a8
parent936c200f6cc62f62f347b0e3cbfbf2355a44a17c (diff)
util: when sealing memfds, also use F_SEAL_SEAL
Let's be strict here, since its better to be safe than sorry.
-rw-r--r--src/shared/memfd-util.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/src/shared/memfd-util.c b/src/shared/memfd-util.c
index 21ecf4b32b..6624c5e7db 100644
--- a/src/shared/memfd-util.c
+++ b/src/shared/memfd-util.c
@@ -101,7 +101,7 @@ int memfd_set_sealed(int fd) {
assert(fd >= 0);
- r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+ r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
if (r < 0)
return -errno;
@@ -117,8 +117,7 @@ int memfd_get_sealed(int fd) {
if (r < 0)
return -errno;
- return (r & (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)) ==
- (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+ return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
}
int memfd_get_size(int fd, uint64_t *sz) {