Sandbox2: Remove file sealing for in-memory files.

The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag which enables seals to be set and creating an empty file seal.

PiperOrigin-RevId: 550850108
Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
This commit is contained in:
Oliver Kunz 2023-07-25 05:04:08 -07:00 committed by Copybara-Service
parent 04ed89906b
commit eaa175c8d2

View File

@ -251,9 +251,8 @@ bool CreateMemFd(int* fd, const char* name) {
// Usually defined in linux/memfd.h. Define it here to avoid dependency on // Usually defined in linux/memfd.h. Define it here to avoid dependency on
// UAPI headers. // UAPI headers.
constexpr uintptr_t MFD_CLOEXEC = 0x0001; constexpr uintptr_t MFD_CLOEXEC = 0x0001;
constexpr uintptr_t MFD_ALLOW_SEALING = 0x0002;
int tmp_fd = Syscall(__NR_memfd_create, reinterpret_cast<uintptr_t>(name), int tmp_fd = Syscall(__NR_memfd_create, reinterpret_cast<uintptr_t>(name),
MFD_CLOEXEC | MFD_ALLOW_SEALING); MFD_CLOEXEC);
if (tmp_fd < 0) { if (tmp_fd < 0) {
if (errno == ENOSYS) { if (errno == ENOSYS) {
SAPI_RAW_LOG(ERROR, SAPI_RAW_LOG(ERROR,