summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2014-08-18 13:03:09 +0200
committerDavid Herrmann <dh.herrmann@gmail.com>2014-08-18 13:03:09 +0200
commitc7dab73a5fa6e775813765fe925caaa7c4e549fa (patch)
tree0dbff1668341b397f64baba02609c27a90cbdc8f /src
parent302e4b4963c471baefa60b220e3e05f93a49de45 (diff)
memfd: disallow importing memfds without sealing
We use memfds for sealing. Lets not bother with memfds created without MFD_ALLOW_SEALING for now. They're equivalent to random shmem files, so don't bother treating them as sealable memfds.
Diffstat (limited to 'src')
-rw-r--r--src/shared/memfd.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/shared/memfd.c b/src/shared/memfd.c
index 6a2e12196a..6804b42361 100644
--- a/src/shared/memfd.c
+++ b/src/shared/memfd.c
@@ -97,12 +97,17 @@ int sd_memfd_new(sd_memfd **m, const char *name) {
int sd_memfd_new_from_fd(sd_memfd **m, int fd) {
sd_memfd *n;
+ int r;
assert_return(m, -EINVAL);
assert_return(fd >= 0, -EINVAL);
- /* Check if this is a sealable fd */
- if (fcntl(fd, F_GET_SEALS) < 0)
+ /* Check if this is a sealable fd. The kernel sets F_SEAL_SEAL on memfds
+ * that don't support sealing, so check for that, too. A file with
+ * *only* F_SEAL_SEAL set is the same as a random shmem file, so no
+ * reason to allow opening it as memfd. */
+ r = fcntl(fd, F_GET_SEALS);
+ if (r < 0 || r == F_SEAL_SEAL)
return -ENOTTY;
n = new0(struct sd_memfd, 1);