mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Sandbox2: Remove file sealing for in-memory files.
The `CreateMemFd` function sets the `MFD_ALLOW_SEALING` flag which enables seals to be set and creating an empty file seal. PiperOrigin-RevId: 550850108 Change-Id: I1a84b7b14cc9396144048bbeb8995f2f7eca9fb7
This commit is contained in:
parent
04ed89906b
commit
eaa175c8d2
|
@ -251,9 +251,8 @@ bool CreateMemFd(int* fd, const char* name) {
|
||||||
// Usually defined in linux/memfd.h. Define it here to avoid dependency on
|
// Usually defined in linux/memfd.h. Define it here to avoid dependency on
|
||||||
// UAPI headers.
|
// UAPI headers.
|
||||||
constexpr uintptr_t MFD_CLOEXEC = 0x0001;
|
constexpr uintptr_t MFD_CLOEXEC = 0x0001;
|
||||||
constexpr uintptr_t MFD_ALLOW_SEALING = 0x0002;
|
|
||||||
int tmp_fd = Syscall(__NR_memfd_create, reinterpret_cast<uintptr_t>(name),
|
int tmp_fd = Syscall(__NR_memfd_create, reinterpret_cast<uintptr_t>(name),
|
||||||
MFD_CLOEXEC | MFD_ALLOW_SEALING);
|
MFD_CLOEXEC);
|
||||||
if (tmp_fd < 0) {
|
if (tmp_fd < 0) {
|
||||||
if (errno == ENOSYS) {
|
if (errno == ENOSYS) {
|
||||||
SAPI_RAW_LOG(ERROR,
|
SAPI_RAW_LOG(ERROR,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user