shm: use MFD_NOEXEC_SEAL for shared memory (!792) · Merge requests · PulseAudio / pulseaudio

Rudi Heitbaum requested to merge heitbaum/pulseaudio:memfd into master Jul 14, 2023

Since kernel 6.3 the error memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=2996 'pactl' appears in the kernel logs. Include this patch as a followup to #1394 (closed) and !751 (merged)

ref:

https://elixir.bootlin.com/linux/v6.3/source/include/uapi/linux/memfd.h#L12
https://lore.kernel.org/lkml/20221207154939.2532830-4-jeffxu@google.com/

The new MFD_NOEXEC_SEAL and MFD_EXEC flags allows application to set executable bit at creation time (memfd_create).

When MFD_NOEXEC_SEAL is set, memfd is created without executable bit (mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to be executable (mode: 0777) after creation.

when MFD_EXEC flag is set, memfd is created with executable bit (mode:0777), this is the same as the old behavior of memfd_create.

shm: use MFD_NOEXEC_SEAL for shared memory

Merge request reports