2015-01-09 11:20:35 +00:00
|
|
|
.\" Copyright (C) 2014 Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
.\" and Copyright (C) 2014 David Herrmann <dh.herrmann@gmail.com>
|
2015-01-08 05:40:33 +00:00
|
|
|
.\"
|
2015-01-19 06:50:11 +00:00
|
|
|
.\" %%%LICENSE_START(GPLv2+)
|
2015-01-22 22:36:33 +00:00
|
|
|
.\"
|
2015-01-08 05:40:33 +00:00
|
|
|
.\" This program is free software; you can redistribute it and/or modify
|
|
|
|
.\" it under the terms of the GNU General Public License as published by
|
|
|
|
.\" the Free Software Foundation; either version 2 of the License, or
|
|
|
|
.\" (at your option) any later version.
|
|
|
|
.\"
|
|
|
|
.\" This program is distributed in the hope that it will be useful,
|
|
|
|
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
.\" GNU General Public License for more details.
|
|
|
|
.\"
|
|
|
|
.\" You should have received a copy of the GNU General Public
|
|
|
|
.\" License along with this manual; if not, see
|
|
|
|
.\" <http://www.gnu.org/licenses/>.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
|
memusage.1, memusagestat.1, pldd.1, accept.2, adjtimex.2, arch_prctl.2, bdflush.2, bpf.2, close.2, epoll_ctl.2, epoll_wait.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getrandom.2, getrlimit.2, getrusage.2, getsid.2, getunwind.2, io_getevents.2, ioctl_fat.2, kexec_load.2, killpg.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, mknod.2, mlock.2, modify_ldt.2, msgctl.2, msgget.2, msgop.2, readlink.2, readv.2, reboot.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select_tut.2, semctl.2, semget.2, semop.2, set_thread_area.2, seteuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigprocmask.2, stat.2, symlink.2, syscall.2, sysctl.2, unlink.2, bindresvport.3, byteorder.3, dlopen.3, endian.3, error.3, ffs.3, fmemopen.3, getcwd.3, getlogin.3, getnetent.3, getprotoent.3, getservent.3, getumask.3, getutent.3, glob.3, isalpha.3, lio_listio.3, login.3, mbsinit.3, mbstowcs.3, mbtowc.3, mkstemp.3, nextup.3, ntp_gettime.3, posix_fallocate.3, posix_spawn.3, pthread_join.3, pthread_rwlockattr_setkind_np.3, random.3, rcmd.3, realpath.3, resolver.3, setjmp.3, setnetgrent.3, sigvec.3, strerror.3, strverscmp.3, system.3, toupper.3, towlower.3, towupper.3, wcstombs.3, wordexp.3, cciss.4, loop.4, mouse.4, random.4, core.5, group.5, hosts.5, resolv.conf.5, ascii.7, environ.7, epoll.7, glob.7, ip.7, mq_overview.7, packet.7, pipe.7, raw.7, sched.7, signal.7, socket.7, symlink.7, ld.so.8, sln.8: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-08 10:53:47 +00:00
|
|
|
.TH MEMFD_CREATE 2 2016-10-08 Linux "Linux Programmer's Manual"
|
2015-01-08 05:40:33 +00:00
|
|
|
.SH NAME
|
|
|
|
memfd_create \- create an anonymous file
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B #include <sys/memfd.h>
|
_exit.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, close.2, connect.2, create_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, exit_group.2, fanotify_mark.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpid.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, getxattr.2, idle.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, ioctl.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_getfsmap.2, ioctl_tty.2, ioperm.2, iopl.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, mount.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, pause.2, pciconfig_read.2, perf_event_open.2, perfmonctl.2, personality.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, remap_file_pages.2, removexattr.2, rename.2, request_key.2, rmdir.2, rt_sigqueueinfo.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, set_mempolicy.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, setup.2, setxattr.2, sgetmask.2, shmctl.2, shmget.2, shutdown.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, stat.2, statfs.2, stime.2, swapon.2, symlink.2, sync.2, sysctl.2, sysinfo.2, syslog.2, time.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, uname.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vfork.2, vhangup.2, vm86.2, wait.2, wait4.2, write.2, CPU_SET.3, INFINITY.3, __ppc_get_timebase.3, __ppc_set_ppr_med.3, __ppc_yield.3, __setfpucw.3, a64l.3, abort.3, abs.3, acos.3, acosh.3, addseverity.3, adjtime.3, aio_cancel.3, aio_error.3, aio_fsync.3, aio_init.3, aio_read.3, aio_return.3, aio_suspend.3, aio_write.3, alloca.3, argz_add.3, asin.3, asinh.3, asprintf.3, assert.3, assert_perror.3, atan.3, atan2.3, atanh.3, atexit.3, atof.3, atoi.3, basename.3, bcmp.3, bcopy.3, bsd_signal.3, bsearch.3, bstring.3, btowc.3, byteorder.3, cabs.3, cacos.3, cacosh.3, canonicalize_file_name.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, catopen.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cexp.3, cexp2.3, cfree.3, cimag.3, clearenv.3, clock.3, clock_getcpuclockid.3, clog.3, clog10.3, clog2.3, closedir.3, cmsg.3, confstr.3, conj.3, copysign.3, cos.3, cosh.3, cpow.3, cproj.3, creal.3, crypt.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctermid.3, ctime.3, daemon.3, difftime.3, dirfd.3, div.3, dlerror.3, dlopen.3, dlsym.3, drand48.3, drand48_r.3, duplocale.3, dysize.3, ecvt.3, ecvt_r.3, encrypt.3, endian.3, erf.3, erfc.3, err.3, errno.3, ether_aton.3, euidaccess.3, exec.3, exit.3, exp.3, exp10.3, exp2.3, expm1.3, fabs.3, fclose.3, fcloseall.3, fdim.3, fenv.3, ferror.3, fexecve.3, fflush.3, ffs.3, fgetc.3, fgetgrent.3, fgetpwent.3, fgetwc.3, fgetws.3, finite.3, flockfile.3, floor.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmod.3, fmtmsg.3, fnmatch.3, fopen.3, fpathconf.3, fpclassify.3, fpurge.3, fputwc.3, fputws.3, fread.3, frexp.3, fseek.3, fseeko.3, ftime.3, ftok.3, fts.3, ftw.3, futimes.3, fwide.3, gamma.3, gcvt.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getcontext.3, getcwd.3, getdate.3, getdirentries.3, getdtablesize.3, getentropy.3, getenv.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getifaddrs.3, getipnodebyname.3, getline.3, getloadavg.3, getlogin.3, getmntent.3, getnameinfo.3, getnetent.3, getnetent_r.3, getopt.3, getpass.3, getprotoent.3, getprotoent_r.3, getpt.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent_r.3, getrpcport.3, gets.3, getservent.3, getservent_r.3, getspnam.3, getsubopt.3, getttyent.3, getumask.3, getusershell.3, getutent.3, getw.3, getwchar.3, glob.3, grantpt.3, group_member.3, gsignal.3, hsearch.3, hypot.3, iconv.3, iconv_close.3, iconv_open.3, if_nameindex.3, if_nametoindex.3, ilogb.3, index.3, inet.3, inet_net_pton.3, inet_ntop.3, infnan.3, initgroups.3, insque.3, isalpha.3, isatty.3, isfdtype.3, isgreater.3, iswalnum.3, iswalpha.3, iswblank.3, iswcntrl.3, iswctype.3, iswdigit.3, iswgraph.3, iswlower.3, iswprint.3, iswpunct.3, iswspace.3, iswupper.3, iswxdigit.3, j0.3, key_setsecret.3, killpg.3, ldexp.3, lgamma.3, localeconv.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, lrint.3, lround.3, lsearch.3, lseek64.3, makecontext.3, malloc.3, malloc_get_state.3, malloc_hook.3, malloc_info.3, matherr.3, mblen.3, mbrlen.3, mbrtowc.3, mbsinit.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, memfrob.3, memmem.3, memmove.3, mempcpy.3, memset.3, mkdtemp.3, mkfifo.3, mkstemp.3, mktemp.3, modf.3, mpool.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_open.3, mq_receive.3, mq_send.3, mq_unlink.3, mtrace.3, nan.3, netlink.3, newlocale.3, nextafter.3, nl_langinfo.3, offsetof.3, on_exit.3, open_memstream.3, opendir.3, openpty.3, perror.3, popen.3, posix_fallocate.3, posix_madvise.3, posix_memalign.3, posix_openpt.3, pow.3, pow10.3, printf.3, profil.3, psignal.3, pthread_atfork.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_kill.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_setschedprio.3, pthread_sigmask.3, pthread_sigqueue.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, ptsname.3, putenv.3, putgrent.3, putpwent.3, puts.3, putwchar.3, qecvt.3, qsort.3, raise.3, rand.3, random.3, random_r.3, rcmd.3, re_comp.3, readdir.3, realpath.3, remainder.3, remove.3, remquo.3, resolver.3, rewinddir.3, rexec.3, rint.3, round.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, scanf.3, sched_getcpu.3, seekdir.3, sem_close.3, sem_destroy.3, sem_getvalue.3, sem_init.3, sem_open.3, sem_post.3, sem_unlink.3, sem_wait.3, setaliasent.3, setbuf.3, setenv.3, setlocale.3, setlogmask.3, setnetgrent.3, shm_open.3, siginterrupt.3, signbit.3, significand.3, sigpause.3, sigqueue.3, sigset.3, sigvec.3, sigwait.3, sin.3, sincos.3, sinh.3, sleep.3, sockatmark.3, sqrt.3, statvfs.3, stdarg.3, stdio.3, stdio_ext.3, stpcpy.3, stpncpy.3, strcasecmp.3, strcat.3, strchr.3, strcmp.3, strcoll.3, strcpy.3, strdup.3, strerror.3, strfmon.3, strfromd.3, strfry.3, strftime.3, strlen.3, strnlen.3, strpbrk.3, strptime.3, strsep.3, strsignal.3, strspn.3, strstr.3, strtod.3, strtoimax.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, swab.3, sysconf.3, syslog.3, system.3, sysv_signal.3, tan.3, tanh.3, tcgetpgrp.3, tcgetsid.3, telldir.3, tempnam.3, termios.3, tgamma.3, timegm.3, timeradd.3, tmpfile.3, tmpnam.3, toascii.3, toupper.3, towctrans.3, towlower.3, towupper.3, trunc.3, tsearch.3, ttyname.3, ttyslot.3, tzset.3, ualarm.3, ulimit.3, ungetwc.3, unlocked_stdio.3, unlockpt.3, updwtmp.3, uselocale.3, usleep.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscasecmp.3, wcscat.3, wcschr.3, wcscmp.3, wcscpy.3, wcscspn.3, wcsdup.3, wcslen.3, wcsncasecmp.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcspbrk.3, wcsrchr.3, wcsrtombs.3, wcsspn.3, wcsstr.3, wcstoimax.3, wcstok.3, wcstombs.3, wcswidth.3, wctob.3, wctomb.3, wctrans.3, wctype.3, wcwidth.3, wmemchr.3, wmemcmp.3, wmemcpy.3, wmemmove.3, wmemset.3, wordexp.3, wprintf.3, xcrypt.3, y0.3, dsp56k.4, random.4, rtc.4, st.4, ddp.7, ip.7, ipv6.7, packet.7, rtnetlink.7, socket.7, tcp.7, udp.7, udplite.7, x25.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 15:16:29 +00:00
|
|
|
.PP
|
2015-01-08 05:40:33 +00:00
|
|
|
.BI "int memfd_create(const char *" name ", unsigned int " flags ");"
|
_syscall.2, clock_getres.2, clone.2, copy_file_range.2, create_module.2, delete_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_robust_list.2, getcpu.2, getdents.2, gettid.2, gettimeofday.2, getunwind.2, init_module.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, link.2, llseek.2, memfd_create.2, mmap.2, mq_getsetattr.2, msgctl.2, msgget.2, open_by_handle_at.2, outb.2, perf_event_open.2, pivot_root.2, process_vm_readv.2, query_module.2, readdir.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_setattr.2, seccomp.2, select.2, select_tut.2, send.2, sendmmsg.2, set_thread_area.2, set_tid_address.2, sgetmask.2, shmop.2, sigaction.2, sigprocmask.2, splice.2, spu_create.2, spu_run.2, statx.2, subpage_prot.2, sync_file_range.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, tkill.2, uselib.2, utimensat.2, vmsplice.2, wait.2, aio_init.3, asinh.3, atan2.3, atanh.3, backtrace.3, basename.3, bswap.3, bzero.3, catgets.3, catopen.3, dladdr.3, dlsym.3, endian.3, envz_add.3, erf.3, erfc.3, error.3, ferror.3, ffs.3, fgetc.3, fmemopen.3, fopen.3, fopencookie.3, fseek.3, ftw.3, futimes.3, getdate.3, getenv.3, getline.3, getlogin.3, getrpcent.3, getsubopt.3, getutmp.3, getw.3, gnu_get_libc_version.3, inet_net_pton.3, isalpha.3, lio_listio.3, makedev.3, malloc_get_state.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, matherr.3, memchr.3, nextup.3, ntp_gettime.3, posix_madvise.3, program_invocation_name.3, pthread_atfork.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cleanup_push_defer_np.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setschedprio.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, puts.3, random.3, random_r.3, rpc.3, sched_getcpu.3, setnetgrent.3, sigwait.3, stdin.3, strerror.3, strfmon.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, ttyname.3, uselocale.3, xdr.3, dsp56k.4, sigevent.7, vdso.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 17:26:11 +00:00
|
|
|
.PP
|
2016-05-03 10:39:58 +00:00
|
|
|
.IR Note :
|
|
|
|
There is no glibc wrapper for this system call; see NOTES.
|
2015-01-08 05:40:33 +00:00
|
|
|
.SH DESCRIPTION
|
|
|
|
.BR memfd_create ()
|
2015-01-08 11:24:37 +00:00
|
|
|
creates an anonymous file and returns a file descriptor that refers to it.
|
|
|
|
The file behaves like a regular file, and so can be modified,
|
2015-01-09 09:36:16 +00:00
|
|
|
truncated, memory-mapped, and so on.
|
2015-01-08 11:24:37 +00:00
|
|
|
However, unlike a regular file,
|
|
|
|
it lives in RAM and has a volatile backing storage.
|
2015-01-08 05:47:42 +00:00
|
|
|
Once all references to the file are dropped, it is automatically released.
|
|
|
|
Anonymous memory is used for all backing pages of the file.
|
2015-01-08 11:24:37 +00:00
|
|
|
Therefore, files created by
|
|
|
|
.BR memfd_create ()
|
2015-01-19 06:50:11 +00:00
|
|
|
have the same semantics as other anonymous
|
|
|
|
.\" David Herrmann:
|
|
|
|
.\" memfd uses VM_NORESERVE so each page is accounted on first access.
|
|
|
|
.\" This means, the overcommit-limits (see __vm_enough_memory()) and the
|
|
|
|
.\" memory-cgroup limits (mem_cgroup_try_charge()) are applied. Note that
|
|
|
|
.\" those are accounted on "current" and "current->mm", that is, the
|
|
|
|
.\" process doing the first page access.
|
2015-01-08 11:24:37 +00:00
|
|
|
memory allocations such as those allocated using
|
2015-01-08 05:40:33 +00:00
|
|
|
.BR mmap (2)
|
2015-01-08 11:24:37 +00:00
|
|
|
with the
|
|
|
|
.BR MAP_ANONYMOUS
|
|
|
|
flag.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 05:40:33 +00:00
|
|
|
The initial size of the file is set to 0.
|
2015-01-08 11:24:37 +00:00
|
|
|
Following the call, the file size should be set using
|
|
|
|
.BR ftruncate (2).
|
2015-01-19 06:50:11 +00:00
|
|
|
(Alternatively, the file may be populated by calls to
|
|
|
|
.BR write (2)
|
|
|
|
or similar.)
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 11:24:37 +00:00
|
|
|
The name supplied in
|
2015-01-08 05:40:33 +00:00
|
|
|
.I name
|
2015-01-19 06:50:11 +00:00
|
|
|
is used as a filename and will be displayed
|
2015-01-08 11:24:37 +00:00
|
|
|
as the target of the corresponding symbolic link in the directory
|
2015-01-08 05:40:33 +00:00
|
|
|
.IR /proc/self/fd/ .
|
2015-01-08 11:24:37 +00:00
|
|
|
The displayed name is always prefixed with
|
|
|
|
.IR memfd:
|
|
|
|
and serves only for debugging purposes.
|
2015-01-19 06:50:11 +00:00
|
|
|
Names do not affect the behavior of the file descriptor,
|
2015-01-08 05:47:42 +00:00
|
|
|
and as such multiple files can have the same name without any side effects.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 05:40:33 +00:00
|
|
|
The following values may be bitwise ORed in
|
|
|
|
.IR flags
|
2015-02-23 18:54:15 +00:00
|
|
|
to change the behavior of
|
2015-01-08 05:40:33 +00:00
|
|
|
.BR memfd_create ():
|
|
|
|
.TP
|
|
|
|
.BR MFD_CLOEXEC
|
|
|
|
Set the close-on-exec
|
|
|
|
.RB ( FD_CLOEXEC )
|
|
|
|
flag on the new file descriptor.
|
|
|
|
See the description of the
|
|
|
|
.B O_CLOEXEC
|
|
|
|
flag in
|
|
|
|
.BR open (2)
|
2015-01-08 05:47:42 +00:00
|
|
|
for reasons why this may be useful.
|
2015-01-08 05:40:33 +00:00
|
|
|
.TP
|
|
|
|
.BR MFD_ALLOW_SEALING
|
2015-01-09 10:07:01 +00:00
|
|
|
Allow sealing operations on this file.
|
2015-01-09 12:00:24 +00:00
|
|
|
See the discussion of the
|
2015-01-08 05:40:33 +00:00
|
|
|
.B F_ADD_SEALS
|
|
|
|
and
|
2015-01-09 12:00:24 +00:00
|
|
|
.BR F_GET_SEALS
|
|
|
|
operations in
|
|
|
|
.BR fcntl (2),
|
2015-01-09 10:07:01 +00:00
|
|
|
and also NOTES, below.
|
2015-01-08 05:47:42 +00:00
|
|
|
The initial set of seals is empty.
|
|
|
|
If this flag is not set, the initial set of seals will be
|
2015-01-08 11:24:37 +00:00
|
|
|
.BR F_SEAL_SEAL ,
|
|
|
|
meaning that no other seals can be set on the file.
|
|
|
|
.\" FIXME Why is the MFD_ALLOW_SEALING behavior not simply the default?
|
2016-10-29 10:59:01 +00:00
|
|
|
.\" Is it worth adding some text explaining this?
|
2015-01-08 05:40:33 +00:00
|
|
|
.PP
|
2015-01-08 11:24:37 +00:00
|
|
|
Unused bits in
|
|
|
|
.I flags
|
|
|
|
must be 0.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 05:40:33 +00:00
|
|
|
As its return value,
|
|
|
|
.BR memfd_create ()
|
|
|
|
returns a new file descriptor that can be used to refer to the file.
|
2015-01-08 11:24:37 +00:00
|
|
|
This file descriptor is opened for both reading and writing
|
|
|
|
.RB ( O_RDWR )
|
|
|
|
and
|
|
|
|
.B O_LARGEFILE
|
2016-01-01 10:45:50 +00:00
|
|
|
is set for the file descriptor.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 11:24:37 +00:00
|
|
|
With respect to
|
|
|
|
.BR fork (2)
|
|
|
|
and
|
|
|
|
.BR execve (2),
|
|
|
|
the usual semantics apply for the file descriptor created by
|
|
|
|
.BR memfd_create ().
|
|
|
|
A copy of the file descriptor is inherited by the child produced by
|
|
|
|
.BR fork (2)
|
|
|
|
and refers to the same file.
|
|
|
|
The file descriptor is preserved across
|
2015-01-08 05:40:33 +00:00
|
|
|
.BR execve (2),
|
|
|
|
unless the close-on-exec flag has been set.
|
|
|
|
.SH RETURN VALUE
|
|
|
|
On success,
|
|
|
|
.BR memfd_create ()
|
|
|
|
returns a new file descriptor.
|
|
|
|
On error, \-1 is returned and
|
|
|
|
.I errno
|
|
|
|
is set to indicate the error.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
2015-01-08 11:24:37 +00:00
|
|
|
.B EFAULT
|
|
|
|
The address in
|
|
|
|
.IR name
|
|
|
|
points to invalid memory.
|
|
|
|
.TP
|
2015-01-08 05:40:33 +00:00
|
|
|
.B EINVAL
|
2015-01-08 11:26:30 +00:00
|
|
|
An unsupported value was specified in one of the arguments:
|
|
|
|
.I flags
|
|
|
|
included unknown bits, or
|
|
|
|
.I name
|
|
|
|
was too long.
|
2015-01-08 05:40:33 +00:00
|
|
|
.TP
|
|
|
|
.B EMFILE
|
accept.2, dup.2, eventfd.2, execve.2, fcntl.2, memfd_create.2, open.2, perf_event_open.2, pipe.2, signalfd.2, socket.2, socketpair.2, spu_create.2, timerfd_create.2, getgrent.3, getgrnam.3, getlogin.3, getpwent.3, getpwnam.3, mq_open.3, opendir.3, sem_open.3, shm_open.3, tmpfile.3: ERRORS: standardize text for EMFILE error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-27 15:35:01 +00:00
|
|
|
The per-process limit on the number of open file descriptors has been reached.
|
2015-01-08 05:40:33 +00:00
|
|
|
.TP
|
|
|
|
.B ENFILE
|
2015-01-08 05:47:42 +00:00
|
|
|
The system-wide limit on the total number of open files has been reached.
|
2015-01-08 05:40:33 +00:00
|
|
|
.TP
|
|
|
|
.B ENOMEM
|
|
|
|
There was insufficient memory to create a new anonymous file.
|
|
|
|
.SH VERSIONS
|
2015-01-08 11:24:37 +00:00
|
|
|
The
|
|
|
|
.BR memfd_create ()
|
|
|
|
system call first appeared in Linux 3.17.
|
2015-01-08 05:40:33 +00:00
|
|
|
.SH CONFORMING TO
|
2015-01-08 11:24:37 +00:00
|
|
|
The
|
2015-01-08 05:40:33 +00:00
|
|
|
.BR memfd_create ()
|
2015-01-08 11:24:37 +00:00
|
|
|
system call is Linux-specific.
|
2015-01-08 13:10:21 +00:00
|
|
|
.SH NOTES
|
2016-05-03 10:39:58 +00:00
|
|
|
Glibc does not provide a wrapper for this system call; call it using
|
|
|
|
.BR syscall (2).
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 13:10:21 +00:00
|
|
|
.\" See also http://lwn.net/Articles/593918/
|
|
|
|
.\" and http://lwn.net/Articles/594919/ and http://lwn.net/Articles/591108/
|
|
|
|
The
|
|
|
|
.BR memfd_create ()
|
|
|
|
system call provides a simple alternative to manually mounting a
|
fallocate.2, fcntl.2, lseek.2, madvise.2, memfd_create.2, mmap.2, remap_file_pages.2, swapon.2, proc.5, cgroups.7, shm_overview.7, user_namespaces.7: Fix cross references to new tmpfs(5) page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-07 14:50:02 +00:00
|
|
|
.BR tmpfs (5)
|
2015-01-08 13:10:21 +00:00
|
|
|
filesystem and creating and opening a file in that filesystem.
|
|
|
|
The primary purpose of
|
|
|
|
.BR memfd_create ()
|
|
|
|
is to create files and associated file descriptors that are
|
|
|
|
used with the file-sealing APIs provided by
|
|
|
|
.BR fcntl (2).
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-19 06:50:11 +00:00
|
|
|
The
|
|
|
|
.BR memfd_create ()
|
|
|
|
system call also has uses without file sealing
|
|
|
|
(which is why file-sealing is disabled, unless explicitly requested with the
|
|
|
|
.BR MFD_ALLOW_SEALING
|
|
|
|
flag).
|
|
|
|
In particular, it can be used as an alternative to creating files in
|
|
|
|
.IR tmp
|
|
|
|
or as an alternative to using the
|
|
|
|
.BR open (2)
|
|
|
|
.B O_TMPFILE
|
|
|
|
in cases where there is no intention to actually link the
|
|
|
|
resulting file into the filesystem.
|
2015-01-08 13:10:21 +00:00
|
|
|
.SS File sealing
|
|
|
|
In the absence of file sealing,
|
|
|
|
processes that communicate via shared memory must either trust each other,
|
|
|
|
or take measures to deal with the possibility that an untrusted peer
|
2015-01-09 11:54:14 +00:00
|
|
|
may manipulate the shared memory region in problematic ways.
|
2015-01-08 13:10:21 +00:00
|
|
|
For example, an untrusted peer might modify the contents of the
|
|
|
|
shared memory at any time, or shrink the shared memory region.
|
|
|
|
The former possibility leaves the local process vulnerable to
|
|
|
|
time-of-check-to-time-of-use race conditions
|
|
|
|
(typically dealt with by copying data from
|
|
|
|
the shared memory region before checking and using it).
|
|
|
|
The latter possibility leaves the local process vulnerable to
|
|
|
|
.BR SIGBUS
|
|
|
|
signals when an attempt is made to access a now-nonexistent
|
|
|
|
location in the shared memory region.
|
|
|
|
(Dealing with this possibility necessitates the use of a handler for the
|
|
|
|
.BR SIGBUS
|
|
|
|
signal.)
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 13:10:21 +00:00
|
|
|
Dealing with untrusted peers imposes extra complexity on
|
|
|
|
code that employs shared memory.
|
|
|
|
Memory sealing enables that extra complexity to be eliminated,
|
|
|
|
by allowing a process to operate secure in the knowledge that
|
|
|
|
its peer can't modify the shared memory in an undesired fashion.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-08 13:10:21 +00:00
|
|
|
An example of the usage of the sealing mechanism is as follows:
|
|
|
|
.IP 1. 3
|
|
|
|
The first process creates a
|
fallocate.2, fcntl.2, lseek.2, madvise.2, memfd_create.2, mmap.2, remap_file_pages.2, swapon.2, proc.5, cgroups.7, shm_overview.7, user_namespaces.7: Fix cross references to new tmpfs(5) page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-07 14:50:02 +00:00
|
|
|
.BR tmpfs (5)
|
2015-01-22 22:36:33 +00:00
|
|
|
file using
|
2015-01-08 13:10:21 +00:00
|
|
|
.BR memfd_create ().
|
|
|
|
The call yields a file descriptor used in subsequent steps.
|
|
|
|
.IP 2.
|
|
|
|
The first process
|
|
|
|
sizes the file created in the previous step using
|
|
|
|
.BR ftruncate (2),
|
|
|
|
maps it using
|
|
|
|
.BR mmap (2),
|
|
|
|
and populates the shared memory with the desired data.
|
|
|
|
.IP 3.
|
|
|
|
The first process uses the
|
|
|
|
.BR fcntl (2)
|
|
|
|
.B F_ADD_SEALS
|
|
|
|
operation to place one or more seals on the file,
|
|
|
|
in order to restrict further modifications on the file.
|
|
|
|
(If placing the seal
|
|
|
|
.BR F_SEAL_WRITE ,
|
|
|
|
then it will be necessary to first unmap the shared writable mapping
|
|
|
|
created in the previous step.)
|
|
|
|
.IP 4.
|
|
|
|
A second process obtains a file descriptor for the
|
fallocate.2, fcntl.2, lseek.2, madvise.2, memfd_create.2, mmap.2, remap_file_pages.2, swapon.2, proc.5, cgroups.7, shm_overview.7, user_namespaces.7: Fix cross references to new tmpfs(5) page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-07 14:50:02 +00:00
|
|
|
.BR tmpfs (5)
|
2015-01-08 13:10:21 +00:00
|
|
|
file and maps it.
|
2015-01-19 06:50:11 +00:00
|
|
|
Among the possible ways in which this could happen are the following:
|
2015-01-08 13:10:21 +00:00
|
|
|
.RS
|
|
|
|
.IP * 3
|
2015-01-19 06:50:11 +00:00
|
|
|
The process that called
|
|
|
|
.BR memfd_create ()
|
|
|
|
could transfer the resulting file descriptor to the second process
|
|
|
|
via a UNIX domain socket (see
|
|
|
|
.BR unix (7)
|
|
|
|
and
|
|
|
|
.BR cmsg (3)).
|
|
|
|
The second process then maps the file using
|
|
|
|
.BR mmap (2).
|
|
|
|
.IP *
|
2015-01-08 13:10:21 +00:00
|
|
|
The second process is created via
|
|
|
|
.BR fork (2)
|
|
|
|
and thus automatically inherits the file descriptor and mapping.
|
2015-01-19 06:50:11 +00:00
|
|
|
(Note that in this case and the next,
|
|
|
|
there is a natural trust relationship between the two processes,
|
|
|
|
since they are running under the same user ID.
|
|
|
|
Therefore, file sealing would not normally be necessary.)
|
2015-01-08 13:10:21 +00:00
|
|
|
.IP *
|
2015-01-22 22:36:33 +00:00
|
|
|
The second process opens the file
|
2016-05-15 21:00:22 +00:00
|
|
|
.IR /proc/<pid>/fd/<fd> ,
|
2015-01-08 13:10:21 +00:00
|
|
|
where
|
|
|
|
.I <pid>
|
|
|
|
is the PID of the first process (the one that called
|
|
|
|
.BR memfd_create ()),
|
|
|
|
and
|
|
|
|
.I <fd>
|
|
|
|
is the number of the file descriptor returned by the call to
|
|
|
|
.BR memfd_create ()
|
|
|
|
in that process.
|
|
|
|
The second process then maps the file using
|
|
|
|
.BR mmap (2).
|
|
|
|
.RE
|
|
|
|
.IP 5.
|
|
|
|
The second process uses the
|
|
|
|
.BR fcntl (2)
|
|
|
|
.B F_GET_SEALS
|
2015-01-09 10:46:49 +00:00
|
|
|
operation to retrieve the bit mask of seals
|
|
|
|
that has been applied to the file.
|
|
|
|
This bit mask can be inspected in order to determine
|
|
|
|
what kinds of restrictions have been placed on file modifications.
|
2015-01-08 13:10:21 +00:00
|
|
|
If desired, the second process can apply further seals
|
|
|
|
to impose additional restrictions (so long as the
|
|
|
|
.BR F_SEAL_SEAL
|
|
|
|
seal has not yet been applied).
|
2015-01-09 11:20:35 +00:00
|
|
|
.SH EXAMPLE
|
|
|
|
Below are shown two example programs that demonstrate the use of
|
|
|
|
.BR memfd_create ()
|
|
|
|
and the file sealing API.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
The first program,
|
|
|
|
.IR t_memfd_create.c ,
|
|
|
|
creates a
|
fallocate.2, fcntl.2, lseek.2, madvise.2, memfd_create.2, mmap.2, remap_file_pages.2, swapon.2, proc.5, cgroups.7, shm_overview.7, user_namespaces.7: Fix cross references to new tmpfs(5) page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-07 14:50:02 +00:00
|
|
|
.BR tmpfs (5)
|
2015-01-09 11:20:35 +00:00
|
|
|
file using
|
|
|
|
.BR memfd_create (),
|
|
|
|
sets a size for the file, maps it into memory,
|
|
|
|
and optionally places some seals on the file.
|
|
|
|
The program accepts up to three command-line arguments,
|
|
|
|
of which the first two are required.
|
|
|
|
The first argument is the name to associate with the file,
|
|
|
|
the second argument is the size to be set for the file,
|
2016-05-03 06:42:11 +00:00
|
|
|
and the optional third argument is a string of characters that specify
|
2015-01-09 11:20:35 +00:00
|
|
|
seals to be set on file.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
The second program,
|
|
|
|
.IR t_get_seals.c ,
|
|
|
|
can be used to open an existing file that was created via
|
|
|
|
.BR memfd_create ()
|
|
|
|
and inspect the set of seals that have been applied to that file.
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
The following shell session demonstrates the use of these programs.
|
|
|
|
First we create a
|
fallocate.2, fcntl.2, lseek.2, madvise.2, memfd_create.2, mmap.2, remap_file_pages.2, swapon.2, proc.5, cgroups.7, shm_overview.7, user_namespaces.7: Fix cross references to new tmpfs(5) page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-07 14:50:02 +00:00
|
|
|
.BR tmpfs (5)
|
2015-01-09 11:20:35 +00:00
|
|
|
file and set some seals on it:
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2015-01-09 11:20:35 +00:00
|
|
|
$ \fB./t_memfd_create my_memfd_file 4096 sw &\fP
|
|
|
|
[1] 11775
|
|
|
|
PID: 11775; fd: 3; /proc/11775/fd/3
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2015-01-09 11:20:35 +00:00
|
|
|
.in
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
At this point, the
|
|
|
|
.I t_memfd_create
|
|
|
|
program continues to run in the background.
|
|
|
|
From another program, we can obtain a file descriptor for the
|
2015-01-19 06:50:11 +00:00
|
|
|
file created by
|
|
|
|
.BR memfd_create ()
|
|
|
|
by opening the
|
getrusage.2, madvise.2, memfd_create.2, mlock.2, mount.2, getauxval.3, core.5, capabilities.7, pid_namespaces.7, symlink.7, user_namespaces.7: Consistently use /proc/[pid] (not /proc/PID)
Reported-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-07 20:42:07 +00:00
|
|
|
.IR /proc/[pid]/fd
|
2016-01-01 10:45:50 +00:00
|
|
|
file that corresponds to the file descriptor opened by
|
2015-01-09 11:20:35 +00:00
|
|
|
.BR memfd_create ().
|
|
|
|
Using that pathname, we inspect the content of the
|
getrusage.2, madvise.2, memfd_create.2, mlock.2, mount.2, getauxval.3, core.5, capabilities.7, pid_namespaces.7, symlink.7, user_namespaces.7: Consistently use /proc/[pid] (not /proc/PID)
Reported-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-07 20:42:07 +00:00
|
|
|
.IR /proc/[pid]/fd
|
2015-01-09 11:20:35 +00:00
|
|
|
symbolic link, and use our
|
|
|
|
.I t_get_seals
|
|
|
|
program to view the seals that have been placed on the file:
|
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 07:30:51 +00:00
|
|
|
.PP
|
2015-01-09 11:20:35 +00:00
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2015-01-09 11:20:35 +00:00
|
|
|
$ \fBreadlink /proc/11775/fd/3\fP
|
|
|
|
/memfd:my_memfd_file (deleted)
|
|
|
|
$ \fB./t_get_seals /proc/11775/fd/3\fP
|
|
|
|
Existing seals: WRITE SHRINK
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2015-01-09 11:20:35 +00:00
|
|
|
.in
|
|
|
|
.SS Program source: t_memfd_create.c
|
|
|
|
\&
|
intro.1, locale.1, ioctl_list.2, listxattr.2, memfd_create.2, nfsservctl.2, open_by_handle_at.2, perf_event_open.2, poll.2, process_vm_readv.2, ptrace.2, select.2, select_tut.2, semop.2, sendmmsg.2, shmget.2, sigaction.2, spu_run.2, umask.2, wait4.2, nan.3, setlocale.3, feature_test_macros.7, glob.7, posixoptions.7, rtld-audit.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 10:56:40 +00:00
|
|
|
.EX
|
2015-01-09 11:20:35 +00:00
|
|
|
#include <sys/memfd.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
unsigned int seals;
|
|
|
|
char *addr;
|
|
|
|
char *name, *seals_arg;
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
if (argc < 3) {
|
|
|
|
fprintf(stderr, "%s name size [seals]\\n", argv[0]);
|
|
|
|
fprintf(stderr, "\\t\(aqseals\(aq can contain any of the "
|
|
|
|
"following characters:\\n");
|
|
|
|
fprintf(stderr, "\\t\\tg \- F_SEAL_GROW\\n");
|
|
|
|
fprintf(stderr, "\\t\\ts \- F_SEAL_SHRINK\\n");
|
|
|
|
fprintf(stderr, "\\t\\tw \- F_SEAL_WRITE\\n");
|
|
|
|
fprintf(stderr, "\\t\\tS \- F_SEAL_SEAL\\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
name = argv[1];
|
|
|
|
len = atoi(argv[2]);
|
|
|
|
seals_arg = argv[3];
|
|
|
|
|
|
|
|
/* Create an anonymous file in tmpfs; allow seals to be
|
|
|
|
placed on the file */
|
|
|
|
|
|
|
|
fd = memfd_create(name, MFD_ALLOW_SEALING);
|
|
|
|
if (fd == \-1)
|
|
|
|
errExit("memfd_create");
|
|
|
|
|
|
|
|
/* Size the file as specified on the command line */
|
|
|
|
|
|
|
|
if (ftruncate(fd, len) == \-1)
|
|
|
|
errExit("truncate");
|
|
|
|
|
|
|
|
printf("PID: %ld; fd: %d; /proc/%ld/fd/%d\\n",
|
|
|
|
(long) getpid(), fd, (long) getpid(), fd);
|
|
|
|
|
|
|
|
/* Code to map the file and populate the mapping with data
|
|
|
|
omitted */
|
|
|
|
|
|
|
|
/* If a \(aqseals\(aq command\-line argument was supplied, set some
|
|
|
|
seals on the file */
|
|
|
|
|
|
|
|
if (seals_arg != NULL) {
|
|
|
|
seals = 0;
|
|
|
|
|
|
|
|
if (strchr(seals_arg, \(aqg\(aq) != NULL)
|
|
|
|
seals |= F_SEAL_GROW;
|
|
|
|
if (strchr(seals_arg, \(aqs\(aq) != NULL)
|
|
|
|
seals |= F_SEAL_SHRINK;
|
|
|
|
if (strchr(seals_arg, \(aqw\(aq) != NULL)
|
|
|
|
seals |= F_SEAL_WRITE;
|
|
|
|
if (strchr(seals_arg, \(aqS\(aq) != NULL)
|
|
|
|
seals |= F_SEAL_SEAL;
|
|
|
|
|
|
|
|
if (fcntl(fd, F_ADD_SEALS, seals) == \-1)
|
|
|
|
errExit("fcntl");
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Keep running, so that the file created by memfd_create()
|
|
|
|
continues to exist */
|
|
|
|
|
|
|
|
pause();
|
|
|
|
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
}
|
intro.1, locale.1, ioctl_list.2, listxattr.2, memfd_create.2, nfsservctl.2, open_by_handle_at.2, perf_event_open.2, poll.2, process_vm_readv.2, ptrace.2, select.2, select_tut.2, semop.2, sendmmsg.2, shmget.2, sigaction.2, spu_run.2, umask.2, wait4.2, nan.3, setlocale.3, feature_test_macros.7, glob.7, posixoptions.7, rtld-audit.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 10:56:40 +00:00
|
|
|
.EE
|
2015-01-09 11:20:35 +00:00
|
|
|
.SS Program source: t_get_seals.c
|
|
|
|
\&
|
intro.1, locale.1, ioctl_list.2, listxattr.2, memfd_create.2, nfsservctl.2, open_by_handle_at.2, perf_event_open.2, poll.2, process_vm_readv.2, ptrace.2, select.2, select_tut.2, semop.2, sendmmsg.2, shmget.2, sigaction.2, spu_run.2, umask.2, wait4.2, nan.3, setlocale.3, feature_test_macros.7, glob.7, posixoptions.7, rtld-audit.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 10:56:40 +00:00
|
|
|
.EX
|
2015-01-09 11:20:35 +00:00
|
|
|
#include <sys/memfd.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
unsigned int seals;
|
|
|
|
|
|
|
|
if (argc != 2) {
|
|
|
|
fprintf(stderr, "%s /proc/PID/fd/FD\\n", argv[0]);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
fd = open(argv[1], O_RDWR);
|
|
|
|
if (fd == \-1)
|
|
|
|
errExit("open");
|
|
|
|
|
|
|
|
seals = fcntl(fd, F_GET_SEALS);
|
|
|
|
if (seals == \-1)
|
|
|
|
errExit("fcntl");
|
|
|
|
|
|
|
|
printf("Existing seals:");
|
|
|
|
if (seals & F_SEAL_SEAL)
|
|
|
|
printf(" SEAL");
|
|
|
|
if (seals & F_SEAL_GROW)
|
|
|
|
printf(" GROW");
|
|
|
|
if (seals & F_SEAL_WRITE)
|
|
|
|
printf(" WRITE");
|
|
|
|
if (seals & F_SEAL_SHRINK)
|
|
|
|
printf(" SHRINK");
|
|
|
|
printf("\\n");
|
|
|
|
|
|
|
|
/* Code to map the file and access the contents of the
|
|
|
|
resulting mapping omitted */
|
|
|
|
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
}
|
intro.1, locale.1, ioctl_list.2, listxattr.2, memfd_create.2, nfsservctl.2, open_by_handle_at.2, perf_event_open.2, poll.2, process_vm_readv.2, ptrace.2, select.2, select_tut.2, semop.2, sendmmsg.2, shmget.2, sigaction.2, spu_run.2, umask.2, wait4.2, nan.3, setlocale.3, feature_test_macros.7, glob.7, posixoptions.7, rtld-audit.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 10:56:40 +00:00
|
|
|
.EE
|
2015-01-08 05:40:33 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR fcntl (2),
|
2015-01-09 10:07:01 +00:00
|
|
|
.BR ftruncate (2),
|
|
|
|
.BR mmap (2),
|
2015-01-19 06:50:11 +00:00
|
|
|
.BR shmget (2),
|
|
|
|
.BR shm_open (3)
|