2 files changed, 8 insertions, 8 deletions

diff --git a/src/journal/journal-send.c b/src/journal/journal-send.c
index bfc404e375..0ee83cdb77 100644
--- a/src/journal/journal-send.c
+++ b/src/journal/journal-send.c
@@ -32,6 +32,7 @@
 #include "sd-journal.h"
 #include "util.h"
 #include "socket-util.h"
+#include "memfd.h"
 
 #define SNDBUF_SIZE (8*1024*1024)
 
@@ -313,16 +314,16 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) {
          * here, since we want this to be a tmpfs, and one that is
          * available from early boot on and where unprivileged users
          * can create files. */
-        buffer_fd = memfd_create("journal-message", MFD_ALLOW_SEALING | MFD_CLOEXEC);
+        buffer_fd = memfd_new(NULL);
         if (buffer_fd < 0) {
-                if (errno == ENOSYS) {
+                if (buffer_fd == -ENOSYS) {
                         buffer_fd = open_tmpfile("/dev/shm", O_RDWR | O_CLOEXEC);
                         if (buffer_fd < 0)
                                 return buffer_fd;
 
                         seal = false;
                 } else
-                        return -errno;
+                        return buffer_fd;
         }
 
         n = writev(buffer_fd, w, j);
@@ -330,9 +331,9 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) {
                 return -errno;
 
         if (seal) {
-                r = fcntl(buffer_fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
+                r = memfd_set_sealed(buffer_fd);
                 if (r < 0)
-                        return -errno;
+                        return r;
         }
 
         mh.msg_iov = NULL;
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 6a9ae8a6ce..d3735ec73c 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -33,6 +33,7 @@
 #include "journald-console.h"
 #include "journald-syslog.h"
 #include "journald-wall.h"
+#include "memfd.h"
 
 bool valid_user_field(const char *p, size_t l, bool allow_protected) {
         const char *a;
@@ -319,9 +320,7 @@ void server_process_native_file(
         /* If it's a memfd, check if it is sealed. If so, we can just
          * use map it and use it, and do not need to copy the data
          * out. */
-        r = fcntl(fd, F_GET_SEALS);
-        sealed = r >= 0 &&
-                (r & (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL)) == (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL);
+        sealed = memfd_get_sealed(fd) > 0;
 
         if (!sealed && (!ucred || ucred->uid != 0)) {
                 _cleanup_free_ char *sl = NULL, *k = NULL;