PulseAudio Marge Bot pushed to branch master at PulseAudio / pulseaudio
Commits: 7d063d65 by Rudi Heitbaum at 2023-08-12T15:58:11+00:00 shm: use MFD_NOEXEC_SEAL for shared memory ref: https://lore.kernel.org/lkml/[email protected]/ The new MFD_NOEXEC_SEAL and MFD_EXEC flags allow applications to set executable bit at creation time (memfd_create). When MFD_NOEXEC_SEAL is set, memfd is created without executable bit (mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to be executable (mode: 0777) after creation. When MFD_EXEC flag is set, memfd is created with executable bit (mode:0777), this is the same as the old behavior of memfd_create. Signed-off-by: Rudi Heitbaum <[email protected]> Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/792> - - - - - 2 changed files: - src/pulsecore/memfd-wrappers.h - src/pulsecore/shm.c Changes: ===================================== src/pulsecore/memfd-wrappers.h ===================================== @@ -66,4 +66,8 @@ static inline int memfd_create(const char *name, unsigned int flags) { #endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */ +#ifndef MFD_NOEXEC_SEAL +#define MFD_NOEXEC_SEAL 0x0008U +#endif + #endif ===================================== src/pulsecore/shm.c ===================================== @@ -164,7 +164,7 @@ static int sharedmem_create(pa_shm *m, pa_mem_type_t type, size_t size, mode_t m #endif #ifdef HAVE_MEMFD case PA_MEM_TYPE_SHARED_MEMFD: - fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC); + fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC|MFD_NOEXEC_SEAL); break; #endif default: View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/7d063d6544b9a2686c6ea5929abf1612d394bd41
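Review bot: In src/pulsecore/memfd-wrappers.h the fallback `#define MFD_NOEXEC_SEAL 0x0008U` has no comment saying where the value comes from or what the guard covers. The `#ifndef` only handles build hosts whose headers predate the flag; it says nothing about whether the running kernel accepts it, so a binary built this way passes 0x0008U to memfd_create() on any kernel. Please add a short comment that the value mirrors the kernel's memfd flag definition and that runtime support still has to be handled by the caller.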
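Review bot: In src/pulsecore/shm.c the `PA_MEM_TYPE_SHARED_MEMFD` case now passes `MFD_NOEXEC_SEAL` unconditionally and the visible context has no retry path. memfd_create() rejects flag bits it does not recognise with EINVAL, so on a kernel without this flag the call returns -1 and memfd-backed shared memory cannot be created at all, where before the change it worked. Suggest checking for `fd < 0 && errno == EINVAL` right after the call and retrying with `MFD_ALLOW_SEALING|MFD_CLOEXEC` only, so older kernels keep the previous behaviour and newer ones get the non-executable, F_SEAL_EXEC-sealed memfd the commit message describes.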
