diff options
| author | Nicolas Viennot <Nicolas.Viennot@twosigma.com> | 2019-12-19 02:32:32 +0300 |
|---|---|---|
| committer | Andrei Vagin <avagin@gmail.com> | 2020-03-27 19:36:20 +0300 |
| commit | 56d8e2455fb86b885775db6c236cbb04ba403f4d (patch) | |
| tree | d91802ec2a62329e1a2dee569d338df63be220e4 /images/memfd.proto | |
| parent | 29a1a88bcebaf9d83591077d2bec424da82c0e71 (diff) | |
memfd: add seals support
See "man fcntl" for more information about seals.
memfd are the only files that can be sealed, currently. For this
reason, we dump the seal values in the MEMFD_INODE image.
Restoring seals must be done carefully as the seal F_SEAL_FUTURE_WRITE
prevents future write access. This means that any memory mapping with
write access must be restored before restoring the seals.
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Diffstat (limited to 'images/memfd.proto')
| -rw-r--r-- | images/memfd.proto | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/images/memfd.proto b/images/memfd.proto index 8eccd6f4f..546ffc2ab 100644 --- a/images/memfd.proto +++ b/images/memfd.proto @@ -17,4 +17,5 @@ message memfd_inode_entry { required uint32 gid = 3; required uint64 size = 4; required uint32 shmid = 5; + required uint32 seals = 6 [(criu).flags = "seals.flags"]; }; |