Mapping files as MAP_SHARED is handled by the kernel as 'writable'
mapping. Always! Even with PROT_READ. Reason for that is,
mprotect(PROT_WRITE) could change the mapping underneath and currently
there is no kernel infrastructure to add protection there. This might
change in the future, but until then, map sealed files as MAP_PRIVATE so
we don't get EPERM.
psz = PAGE_ALIGN(part->size);
if (part->memfd >= 0)
psz = PAGE_ALIGN(part->size);
if (part->memfd >= 0)
- p = mmap(NULL, psz, PROT_READ, MAP_SHARED, part->memfd, 0);
+ p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE, part->memfd, 0);
else if (part->is_zero)
p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
else
else if (part->is_zero)
p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
else