From 56d8e2455fb86b885775db6c236cbb04ba403f4d Mon Sep 17 00:00:00 2001
From: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Date: Wed, 18 Dec 2019 23:32:32 +0000
Subject: memfd: add seals support

See "man fcntl" for more information about seals.

memfd are the only files that can be sealed, currently. For this
reason, we dump the seal values in the MEMFD_INODE image.

Restoring seals must be done carefully as the seal F_SEAL_FUTURE_WRITE
prevents future write access. This means that any memory mapping with
write access must be restored before restoring the seals.

Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
---
 images/memfd.proto | 1 +
 1 file changed, 1 insertion(+)

(limited to 'images/memfd.proto')

diff --git a/images/memfd.proto b/images/memfd.proto
index 8eccd6f4f..546ffc2ab 100644
--- a/images/memfd.proto
+++ b/images/memfd.proto
@@ -17,4 +17,5 @@ message memfd_inode_entry {
 	required uint32		gid		= 3;
 	required uint64		size		= 4;
 	required uint32		shmid		= 5;
+	required uint32		seals		= 6 [(criu).flags = "seals.flags"];
 };
-- 
cgit v1.2.3