memfd: add seals support

See "man fcntl" for more information about seals. memfd are the only files that can be sealed, currently. For this reason, we dump the seal values in the MEMFD_INODE image. Restoring seals must be done carefully as the seal F_SEAL_FUTURE_WRITE prevents future write access. This means that any memory mapping with write access must be restored before restoring the seals. Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
author: Nicolas Viennot <Nicolas.Viennot@twosigma.com> 2019-12-19 02:32:32 +0300
committer: Andrei Vagin <avagin@gmail.com> 2020-03-27 19:36:20 +0300
commit: 56d8e2455fb86b885775db6c236cbb04ba403f4d (patch)
tree: d91802ec2a62329e1a2dee569d338df63be220e4 /lib
parent: 29a1a88bcebaf9d83591077d2bec424da82c0e71 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/py/images/pb2dict.py b/lib/py/images/pb2dict.py
index a89850a1d..40a6036cf 100644
--- a/lib/py/images/pb2dict.py
+++ b/lib/py/images/pb2dict.py
@@ -124,6 +124,14 @@ rfile_flags_map = [
     ('O_CLOEXEC', 0o02000000),
 ]
 
+seals_flags_map = [
+    ('F_SEAL_SEAL', 0x0001),
+    ('F_SEAL_SHRINK', 0x0002),
+    ('F_SEAL_GROW', 0x0004),
+    ('F_SEAL_WRITE', 0x0008),
+    ('F_SEAL_FUTURE_WRITE', 0x0010),
+]
+
 pmap_flags_map = [
     ('PE_PARENT', 1 << 0),
     ('PE_LAZY', 1 << 1),
@@ -136,6 +144,7 @@ flags_maps = {
     'mmap.status': mmap_status_map,
     'rfile.flags': rfile_flags_map,
     'pmap.flags': pmap_flags_map,
+    'seals.flags': seals_flags_map,
 }
 
 gen_maps = {
author	Nicolas Viennot <Nicolas.Viennot@twosigma.com>	2019-12-19 02:32:32 +0300
committer	Andrei Vagin <avagin@gmail.com>	2020-03-27 19:36:20 +0300
commit	56d8e2455fb86b885775db6c236cbb04ba403f4d (patch)
tree	d91802ec2a62329e1a2dee569d338df63be220e4 /lib
parent	29a1a88bcebaf9d83591077d2bec424da82c0e71 (diff)