From: David Herrmann Date: Mon, 18 Aug 2014 21:54:10 +0000 (+0200) Subject: bus: map sealed memfds as MAP_PRIVATE X-Git-Tag: v216~41 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;ds=sidebyside;h=1ac36c67dd4d3fb5b73939293673fcd6debae699;p=elogind.git bus: map sealed memfds as MAP_PRIVATE Mapping files as MAP_SHARED is handled by the kernel as 'writable' mapping. Always! Even with PROT_READ. Reason for that is, mprotect(PROT_WRITE) could change the mapping underneath and currently there is no kernel infrastructure to add protection there. This might change in the future, but until then, map sealed files as MAP_PRIVATE so we don't get EPERM. --- diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 3e6084217..c058b06f4 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -2840,7 +2840,7 @@ int bus_body_part_map(struct bus_body_part *part) { psz = PAGE_ALIGN(part->size); if (part->memfd >= 0) - p = mmap(NULL, psz, PROT_READ, MAP_SHARED, part->memfd, 0); + p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE, part->memfd, 0); else if (part->is_zero) p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); else
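Review bot: The switch to MAP_PRIVATE in the `part->memfd >= 0` branch of bus_body_part_map() carries no comment in the code, so the reason for it lives only in the commit message. Add a short comment above that mmap() call saying that the kernel treats MAP_SHARED as a writable mapping even with PROT_READ, and that this yields EPERM on sealed files, so that a later cleanup does not turn it back into MAP_SHARED. The branch is also taken for every `part->memfd >= 0`, while the subject line speaks of sealed memfds. The same comment should state whether every memfd reaching this point is already sealed, because with a private mapping of an unsealed file it is unspecified whether later writes to the file show up in the mapped region.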