memfd: disallow importing memfds without sealing

[elogind.git] / src / shared / memfd.c

diff --git a/src/shared/memfd.c b/src/shared/memfd.c
index dcebfc9d6f8e3aee704a9b655ac1d7136e7f427b..6804b423616bf507b925ccb0676b6c9b608701f8 100644 (file)
--- a/src/shared/memfd.c
+++ b/src/shared/memfd.c
@@ -39,16 +39,11 @@ struct sd_memfd {
 
 int sd_memfd_new(sd_memfd **m, const char *name) {
 
-        _cleanup_close_ int kdbus = -1;
         _cleanup_free_ char *g = NULL;
         sd_memfd *n;
 
         assert_return(m, -EINVAL);
 
-        kdbus = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
-        if (kdbus < 0)
-                return -errno;
-
         if (name) {
                 /* The kernel side is pretty picky about the character
                  * set here, let's do the usual bus escaping to deal
@@ -102,12 +97,17 @@ int sd_memfd_new(sd_memfd **m, const char *name) {
 
 int sd_memfd_new_from_fd(sd_memfd **m, int fd) {
         sd_memfd *n;
+        int r;
 
         assert_return(m, -EINVAL);
         assert_return(fd >= 0, -EINVAL);
 
-        /* Check if this is a sealable fd */
-        if (fcntl(fd, F_GET_SEALS) < 0)
+        /* Check if this is a sealable fd. The kernel sets F_SEAL_SEAL on memfds
+         * that don't support sealing, so check for that, too. A file with
+         * *only* F_SEAL_SEAL set is the same as a random shmem file, so no
+         * reason to allow opening it as memfd. */
+        r = fcntl(fd, F_GET_SEALS);
+        if (r < 0 || r == F_SEAL_SEAL)
                 return -ENOTTY;
 
         n = new0(struct sd_memfd, 1);