bus1 / dbus-broker

Linux D-Bus Message Broker
https://github.com/bus1/dbus-broker/wiki
Apache License 2.0

memfd: provide proper abstractions #323

Closed dvdhrm closed 11 months ago

dvdhrm commented 12 months ago

Provide proper abstractions for memfd operations. This is especially necessary with the new MFD_EXEC and MFD_NOEXEC_SEAL features of the kernel, which require all memfd users to update the code to use one of the new flags.

Unfortunately, they decided against providing MFD_NOEXEC, but instead just provide MFD_NOEXEC_SEAL, which is a combination of MFD_ALLOW_SEALING, MFD_NOEXEC, and F_SEAL_EXEC. This is really awkward to use in helpers, but I think I got something that works well enough.

Reported in #322.

dvdhrm commented 12 months ago

(updated to use MFD_EXEC with journald since it rejects F_SEAL_EXEC)
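
A sketch of the kind of helper the thread describes, added here as an example and not taken from the pull request or from dbus-broker. The names `memfd_mode`, `memfd_flags`, `memfd_legacy_flags` and `memfd_new` are hypothetical; the retry assumes a kernel that predates the new flags rejects them with EINVAL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/memfd.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Flags added in Linux 6.3; defined here for builds against older headers. */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef MFD_EXEC
#define MFD_EXEC 0x0010U
#endif

/* Hypothetical helper API for this example, not dbus-broker's. */
enum memfd_mode { MEMFD_NOEXEC, MEMFD_EXEC };

/* Flags for the first attempt, on a kernel that knows the new flags. */
unsigned int memfd_flags(enum memfd_mode mode, int allow_sealing) {
    unsigned int flags = MFD_CLOEXEC;
    if (mode == MEMFD_NOEXEC)
        flags |= MFD_NOEXEC_SEAL; /* sealing is implied, allow_sealing unused */
    else
        flags |= MFD_EXEC | (allow_sealing ? MFD_ALLOW_SEALING : 0U);
    return flags;
}

/* Flags for the retry on a kernel that rejects the new flags with EINVAL. */
unsigned int memfd_legacy_flags(unsigned int flags) {
    if (flags & MFD_NOEXEC_SEAL)
        flags |= MFD_ALLOW_SEALING; /* keep the sealing the new flag implied */
    return flags & ~(MFD_NOEXEC_SEAL | MFD_EXEC);
}

/* Returns a new memfd, or -1 with errno set. */
int memfd_new(const char *name, enum memfd_mode mode, int allow_sealing) {
    unsigned int flags = memfd_flags(mode, allow_sealing);
    int fd = (int)syscall(SYS_memfd_create, name, flags);
    if (fd < 0 && errno == EINVAL)
        fd = (int)syscall(SYS_memfd_create, name, memfd_legacy_flags(flags));
    return fd;
}

int main(void) {
    int fd = memfd_new("example", MEMFD_EXEC, 1);
    printf("memfd_new: %s\n", fd >= 0 ? "ok" : "failed");
    return fd >= 0 ? close(fd) : 1;
}
```

`MEMFD_EXEC` with sealing enabled is the combination for a memfd passed to a receiver that rejects F_SEAL_EXEC, as the last comment notes for journald.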