#include "sd-journal.h"
#include "util.h"
#include "socket-util.h"
+#include "memfd.h"
#define SNDBUF_SIZE (8*1024*1024)
* here, since we want this to be a tmpfs, and one that is
* available from early boot on and where unprivileged users
* can create files. */
- buffer_fd = memfd_create("journal-message", MFD_ALLOW_SEALING | MFD_CLOEXEC);
+ buffer_fd = memfd_new(NULL);
if (buffer_fd < 0) {
- if (errno == ENOSYS) {
+ if (buffer_fd == -ENOSYS) {
buffer_fd = open_tmpfile("/dev/shm", O_RDWR | O_CLOEXEC);
if (buffer_fd < 0)
return buffer_fd;
seal = false;
} else
- return -errno;
+ return buffer_fd;
}
n = writev(buffer_fd, w, j);
return -errno;
if (seal) {
- r = fcntl(buffer_fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
+ r = memfd_set_sealed(buffer_fd);
if (r < 0)
- return -errno;
+ return r;
}
mh.msg_iov = NULL;
#include "journald-console.h"
#include "journald-syslog.h"
#include "journald-wall.h"
+#include "memfd.h"
bool valid_user_field(const char *p, size_t l, bool allow_protected) {
const char *a;
/* If it's a memfd, check if it is sealed. If so, we can just
* use map it and use it, and do not need to copy the data
* out. */
- r = fcntl(fd, F_GET_SEALS);
- sealed = r >= 0 &&
- (r & (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL)) == (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL);
+ sealed = memfd_get_sealed(fd) > 0;
if (!sealed && (!ucred || ucred->uid != 0)) {
_cleanup_free_ char *sl = NULL, *k = NULL;
assert_se(pthread_mutex_lock(&bus->memfd_cache_mutex) >= 0);
if (bus->n_memfd_cache <= 0) {
- _cleanup_free_ char *g = NULL;
int r;
assert_se(pthread_mutex_unlock(&bus->memfd_cache_mutex) >= 0);
- assert(bus->connection_name);
-
- g = bus_label_escape(bus->connection_name);
- if (!g)
- return -ENOMEM;
-
- r = memfd_create(g, MFD_ALLOW_SEALING|MFD_CLOEXEC);
+ r = memfd_new(bus->connection_name);
if (r < 0)
- return -errno;
+ return r;
*address = NULL;
*mapped = 0;
/* If overly long, let's return a bit to the OS */
if (mapped > max_mapped) {
- assert_se(ftruncate(fd, max_mapped) >= 0);
+ assert_se(memfd_set_size(fd, max_mapped) >= 0);
assert_se(munmap((uint8_t*) address + max_mapped, PAGE_ALIGN(mapped - max_mapped)) >= 0);
c->mapped = c->allocated = max_mapped;
} else {
uint64_t new_allocated;
new_allocated = PAGE_ALIGN(sz > 0 ? 2 * sz : 1);
- r = ftruncate(part->memfd, new_allocated);
+ r = memfd_set_size(part->memfd, new_allocated);
if (r < 0) {
m->poisoned = true;
- return -errno;
+ return r;
}
part->allocated = new_allocated;
/* Then, sync up real memfd size */
sz = part->size;
- if (ftruncate(part->memfd, sz) < 0)
- return -errno;
+ r = memfd_set_size(part->memfd, sz);
+ if (r < 0)
+ return r;
/* Finally, try to seal */
- if (fcntl(part->memfd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) >= 0)
+ if (memfd_set_sealed(part->memfd) >= 0)
part->sealed = true;
}
}
~ianmdlvl / elogind.git / commitdiff