From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 4 Nov 2014 17:52:31 +0000 (+0100)
Subject: util: when sealing memfds, also use F_SEAL_SEAL
X-Git-Tag: v218~561
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=db74cc0d4748f08d2c7c2e9cf82dce9ffce9c36b;hp=936c200f6cc62f62f347b0e3cbfbf2355a44a17c

util: when sealing memfds, also use F_SEAL_SEAL

Let's be strict here, since its better to be safe than sorry.
---

diff --git a/src/shared/memfd-util.c b/src/shared/memfd-util.c
index 21ecf4b32..6624c5e7d 100644
--- a/src/shared/memfd-util.c
+++ b/src/shared/memfd-util.c
@@ -101,7 +101,7 @@ int memfd_set_sealed(int fd) {
 
         assert(fd >= 0);
 
-        r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+        r = fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
         if (r < 0)
                 return -errno;
 
@@ -117,8 +117,7 @@ int memfd_get_sealed(int fd) {
         if (r < 0)
                 return -errno;
 
-        return (r & (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)) ==
-                    (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
+        return r == (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL);
 }
 
 int memfd_get_size(int fd, uint64_t *sz) {