diff options
author | Nicolas Viennot <Nicolas.Viennot@twosigma.com> | 2019-12-19 02:32:32 +0300 |
---|---|---|
committer | Andrei Vagin <avagin@gmail.com> | 2020-03-27 19:36:20 +0300 |
commit | 56d8e2455fb86b885775db6c236cbb04ba403f4d (patch) | |
tree | d91802ec2a62329e1a2dee569d338df63be220e4 /lib | |
parent | 29a1a88bcebaf9d83591077d2bec424da82c0e71 (diff) |
memfd: add seals support
See "man fcntl" for more information about seals.
memfd are the only files that can be sealed, currently. For this
reason, we dump the seal values in the MEMFD_INODE image.
Restoring seals must be done carefully as the seal F_SEAL_FUTURE_WRITE
prevents future write access. This means that any memory mapping with
write access must be restored before restoring the seals.
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/py/images/pb2dict.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/py/images/pb2dict.py b/lib/py/images/pb2dict.py index a89850a1d..40a6036cf 100644 --- a/lib/py/images/pb2dict.py +++ b/lib/py/images/pb2dict.py @@ -124,6 +124,14 @@ rfile_flags_map = [ ('O_CLOEXEC', 0o02000000), ] +seals_flags_map = [ + ('F_SEAL_SEAL', 0x0001), + ('F_SEAL_SHRINK', 0x0002), + ('F_SEAL_GROW', 0x0004), + ('F_SEAL_WRITE', 0x0008), + ('F_SEAL_FUTURE_WRITE', 0x0010), +] + pmap_flags_map = [ ('PE_PARENT', 1 << 0), ('PE_LAZY', 1 << 1), @@ -136,6 +144,7 @@ flags_maps = { 'mmap.status': mmap_status_map, 'rfile.flags': rfile_flags_map, 'pmap.flags': pmap_flags_map, + 'seals.flags': seals_flags_map, } gen_maps = { |