742 lines
23 KiB
HTML
742 lines
23 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of MEMFD_CREATE</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>MEMFD_CREATE</H1>
|
|
Section: Linux Programmer's Manual (2)<BR>Updated: 2020-02-09<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
memfd_create - create an anonymous file
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<PRE>
|
|
<B>#define _GNU_SOURCE</B> /* See <A HREF="/cgi-bin/man/man2html?7+feature_test_macros">feature_test_macros</A>(7) */
|
|
<B>#include <<A HREF="file:///usr/include/sys/mman.h">sys/mman.h</A>></B>
|
|
|
|
<B>int memfd_create(const char *</B><I>name</I><B>, unsigned int </B><I>flags</I><B>);</B>
|
|
</PRE><A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<B>memfd_create</B>()
|
|
|
|
creates an anonymous file and returns a file descriptor that refers to it.
|
|
The file behaves like a regular file, and so can be modified,
|
|
truncated, memory-mapped, and so on.
|
|
However, unlike a regular file,
|
|
it lives in RAM and has a volatile backing storage.
|
|
Once all references to the file are dropped, it is automatically released.
|
|
Anonymous memory is used for all backing pages of the file.
|
|
Therefore, files created by
|
|
<B>memfd_create</B>()
|
|
|
|
have the same semantics as other anonymous
|
|
|
|
|
|
|
|
|
|
|
|
|
|
memory allocations such as those allocated using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2)
|
|
|
|
with the
|
|
<B>MAP_ANONYMOUS</B>
|
|
|
|
flag.
|
|
<P>
|
|
|
|
The initial size of the file is set to 0.
|
|
Following the call, the file size should be set using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+ftruncate">ftruncate</A></B>(2).
|
|
|
|
(Alternatively, the file may be populated by calls to
|
|
<B><A HREF="/cgi-bin/man/man2html?2+write">write</A></B>(2)
|
|
|
|
or similar.)
|
|
<P>
|
|
|
|
The name supplied in
|
|
<I>name</I>
|
|
|
|
is used as a filename and will be displayed
|
|
as the target of the corresponding symbolic link in the directory
|
|
<I>/proc/self/fd/</I>.
|
|
|
|
The displayed name is always prefixed with
|
|
<I>memfd:</I>
|
|
|
|
and serves only for debugging purposes.
|
|
Names do not affect the behavior of the file descriptor,
|
|
and as such multiple files can have the same name without any side effects.
|
|
<P>
|
|
|
|
The following values may be bitwise ORed in
|
|
<I>flags</I>
|
|
|
|
to change the behavior of
|
|
<B>memfd_create</B>():
|
|
|
|
<DL COMPACT>
|
|
<DT id="1"><B>MFD_CLOEXEC</B>
|
|
|
|
<DD>
|
|
Set the close-on-exec
|
|
(<B>FD_CLOEXEC</B>)
|
|
|
|
flag on the new file descriptor.
|
|
See the description of the
|
|
<B>O_CLOEXEC</B>
|
|
|
|
flag in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+open">open</A></B>(2)
|
|
|
|
for reasons why this may be useful.
|
|
<DT id="2"><B>MFD_ALLOW_SEALING</B>
|
|
|
|
<DD>
|
|
Allow sealing operations on this file.
|
|
See the discussion of the
|
|
<B>F_ADD_SEALS</B>
|
|
|
|
and
|
|
<B>F_GET_SEALS</B>
|
|
|
|
operations in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fcntl">fcntl</A></B>(2),
|
|
|
|
and also NOTES, below.
|
|
The initial set of seals is empty.
|
|
If this flag is not set, the initial set of seals will be
|
|
<B>F_SEAL_SEAL</B>,
|
|
|
|
meaning that no other seals can be set on the file.
|
|
|
|
|
|
<DT id="3"><B>MFD_HUGETLB</B> (since Linux 4.14)
|
|
|
|
<DD>
|
|
|
|
The anonymous file will be created in the hugetlbfs filesystem using
|
|
huge pages.
|
|
See the Linux kernel source file
|
|
<I>Documentation/admin-guide/mm/hugetlbpage.rst</I>
|
|
|
|
for more information about hugetlbfs.
|
|
|
|
Specifying both
|
|
<B>MFD_HUGETLB</B>
|
|
|
|
and
|
|
<B>MFD_ALLOW_SEALING</B>
|
|
|
|
in
|
|
<I>flags</I>
|
|
|
|
is supported since Linux 4.16.
|
|
<DT id="4"><B>MFD_HUGE_2MB</B>, <B>MFD_HUGE_1GB</B>, <B>...</B>
|
|
|
|
<DD>
|
|
Used in conjunction with
|
|
<B>MFD_HUGETLB</B>
|
|
|
|
to select alternative hugetlb page sizes (respectively, 2 MB, 1 GB, ...)
|
|
on systems that support multiple hugetlb page sizes.
|
|
Definitions for known
|
|
huge page sizes are included in the header file
|
|
<I><<A HREF="file:///usr/include/linux/memfd.h">linux/memfd.h</A>>.</I>
|
|
|
|
<DT id="5"><DD>
|
|
For details on encoding huge page sizes not included in the header file,
|
|
see the discussion of the similarly named constants in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2).
|
|
|
|
</DL>
|
|
<P>
|
|
|
|
Unused bits in
|
|
<I>flags</I>
|
|
|
|
must be 0.
|
|
<P>
|
|
|
|
As its return value,
|
|
<B>memfd_create</B>()
|
|
|
|
returns a new file descriptor that can be used to refer to the file.
|
|
This file descriptor is opened for both reading and writing
|
|
(<B>O_RDWR</B>)
|
|
|
|
and
|
|
<B>O_LARGEFILE</B>
|
|
|
|
is set for the file descriptor.
|
|
<P>
|
|
|
|
With respect to
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2),
|
|
|
|
the usual semantics apply for the file descriptor created by
|
|
<B>memfd_create</B>().
|
|
|
|
A copy of the file descriptor is inherited by the child produced by
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2)
|
|
|
|
and refers to the same file.
|
|
The file descriptor is preserved across
|
|
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2),
|
|
|
|
unless the close-on-exec flag has been set.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>RETURN VALUE</H2>
|
|
|
|
On success,
|
|
<B>memfd_create</B>()
|
|
|
|
returns a new file descriptor.
|
|
On error, -1 is returned and
|
|
<I>errno</I>
|
|
|
|
is set to indicate the error.
|
|
<A NAME="lbAF"> </A>
|
|
<H2>ERRORS</H2>
|
|
|
|
<DL COMPACT>
|
|
<DT id="6"><B>EFAULT</B>
|
|
|
|
<DD>
|
|
The address in
|
|
<I>name</I>
|
|
|
|
points to invalid memory.
|
|
<DT id="7"><B>EINVAL</B>
|
|
|
|
<DD>
|
|
<I>flags</I>
|
|
|
|
included unknown bits.
|
|
<DT id="8"><B>EINVAL</B>
|
|
|
|
<DD>
|
|
<I>name</I>
|
|
|
|
was too long.
|
|
(The limit is
|
|
|
|
249 bytes, excluding the terminating null byte.)
|
|
<DT id="9"><B>EINVAL</B>
|
|
|
|
<DD>
|
|
Both
|
|
<B>MFD_HUGETLB</B>
|
|
|
|
and
|
|
<B>MFD_ALLOW_SEALING</B>
|
|
|
|
were specified in
|
|
<I>flags</I>.
|
|
|
|
<DT id="10"><B>EMFILE</B>
|
|
|
|
<DD>
|
|
The per-process limit on the number of open file descriptors has been reached.
|
|
<DT id="11"><B>ENFILE</B>
|
|
|
|
<DD>
|
|
The system-wide limit on the total number of open files has been reached.
|
|
<DT id="12"><B>ENOMEM</B>
|
|
|
|
<DD>
|
|
There was insufficient memory to create a new anonymous file.
|
|
</DL>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>VERSIONS</H2>
|
|
|
|
The
|
|
<B>memfd_create</B>()
|
|
|
|
system call first appeared in Linux 3.17;
|
|
glibc support was added in version 2.27.
|
|
<A NAME="lbAH"> </A>
|
|
<H2>CONFORMING TO</H2>
|
|
|
|
The
|
|
<B>memfd_create</B>()
|
|
|
|
system call is Linux-specific.
|
|
<A NAME="lbAI"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
<P>
|
|
|
|
|
|
|
|
The
|
|
<B>memfd_create</B>()
|
|
|
|
system call provides a simple alternative to manually mounting a
|
|
<B><A HREF="/cgi-bin/man/man2html?5+tmpfs">tmpfs</A></B>(5)
|
|
|
|
filesystem and creating and opening a file in that filesystem.
|
|
The primary purpose of
|
|
<B>memfd_create</B>()
|
|
|
|
is to create files and associated file descriptors that are
|
|
used with the file-sealing APIs provided by
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fcntl">fcntl</A></B>(2).
|
|
|
|
<P>
|
|
|
|
The
|
|
<B>memfd_create</B>()
|
|
|
|
system call also has uses without file sealing
|
|
(which is why file-sealing is disabled, unless explicitly requested with the
|
|
<B>MFD_ALLOW_SEALING</B>
|
|
|
|
flag).
|
|
In particular, it can be used as an alternative to creating files in
|
|
<I>tmp</I>
|
|
|
|
or as an alternative to using the
|
|
<B><A HREF="/cgi-bin/man/man2html?2+open">open</A></B>(2)
|
|
|
|
<B>O_TMPFILE</B>
|
|
|
|
in cases where there is no intention to actually link the
|
|
resulting file into the filesystem.
|
|
<A NAME="lbAJ"> </A>
|
|
<H3>File sealing</H3>
|
|
|
|
In the absence of file sealing,
|
|
processes that communicate via shared memory must either trust each other,
|
|
or take measures to deal with the possibility that an untrusted peer
|
|
may manipulate the shared memory region in problematic ways.
|
|
For example, an untrusted peer might modify the contents of the
|
|
shared memory at any time, or shrink the shared memory region.
|
|
The former possibility leaves the local process vulnerable to
|
|
time-of-check-to-time-of-use race conditions
|
|
(typically dealt with by copying data from
|
|
the shared memory region before checking and using it).
|
|
The latter possibility leaves the local process vulnerable to
|
|
<B>SIGBUS</B>
|
|
|
|
signals when an attempt is made to access a now-nonexistent
|
|
location in the shared memory region.
|
|
(Dealing with this possibility necessitates the use of a handler for the
|
|
<B>SIGBUS</B>
|
|
|
|
signal.)
|
|
<P>
|
|
|
|
Dealing with untrusted peers imposes extra complexity on
|
|
code that employs shared memory.
|
|
Memory sealing enables that extra complexity to be eliminated,
|
|
by allowing a process to operate secure in the knowledge that
|
|
its peer can't modify the shared memory in an undesired fashion.
|
|
<P>
|
|
|
|
An example of the usage of the sealing mechanism is as follows:
|
|
<DL COMPACT>
|
|
<DT id="13">1.<DD>
|
|
The first process creates a
|
|
<B><A HREF="/cgi-bin/man/man2html?5+tmpfs">tmpfs</A></B>(5)
|
|
|
|
file using
|
|
<B>memfd_create</B>().
|
|
|
|
The call yields a file descriptor used in subsequent steps.
|
|
<DT id="14">2.<DD>
|
|
The first process
|
|
sizes the file created in the previous step using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+ftruncate">ftruncate</A></B>(2),
|
|
|
|
maps it using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2),
|
|
|
|
and populates the shared memory with the desired data.
|
|
<DT id="15">3.<DD>
|
|
The first process uses the
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fcntl">fcntl</A></B>(2)
|
|
|
|
<B>F_ADD_SEALS</B>
|
|
|
|
operation to place one or more seals on the file,
|
|
in order to restrict further modifications on the file.
|
|
(If placing the seal
|
|
<B>F_SEAL_WRITE</B>,
|
|
|
|
then it will be necessary to first unmap the shared writable mapping
|
|
created in the previous step.
|
|
Otherwise, behavior similar to
|
|
<B>F_SEAL_WRITE</B>
|
|
|
|
can be achieved by using
|
|
<B>F_SEAL_FUTURE_WRITE</B>,
|
|
|
|
which will prevent future writes via
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?2+write">write</A></B>(2)
|
|
|
|
from succeeding while keeping existing shared writable mappings).
|
|
<DT id="16">4.<DD>
|
|
A second process obtains a file descriptor for the
|
|
<B><A HREF="/cgi-bin/man/man2html?5+tmpfs">tmpfs</A></B>(5)
|
|
|
|
file and maps it.
|
|
Among the possible ways in which this could happen are the following:
|
|
<DL COMPACT><DT id="17"><DD>
|
|
<DL COMPACT>
|
|
<DT id="18">*<DD>
|
|
The process that called
|
|
<B>memfd_create</B>()
|
|
|
|
could transfer the resulting file descriptor to the second process
|
|
via a UNIX domain socket (see
|
|
<B><A HREF="/cgi-bin/man/man2html?7+unix">unix</A></B>(7)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?3+cmsg">cmsg</A></B>(3)).
|
|
|
|
The second process then maps the file using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2).
|
|
|
|
<DT id="19">*<DD>
|
|
The second process is created via
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fork">fork</A></B>(2)
|
|
|
|
and thus automatically inherits the file descriptor and mapping.
|
|
(Note that in this case and the next,
|
|
there is a natural trust relationship between the two processes,
|
|
since they are running under the same user ID.
|
|
Therefore, file sealing would not normally be necessary.)
|
|
<DT id="20">*<DD>
|
|
The second process opens the file
|
|
<I>/proc/<pid>/fd/<fd></I>,
|
|
|
|
where
|
|
<I><pid></I>
|
|
|
|
is the PID of the first process (the one that called
|
|
<B>memfd_create</B>()),
|
|
|
|
and
|
|
<I><fd></I>
|
|
|
|
is the number of the file descriptor returned by the call to
|
|
<B>memfd_create</B>()
|
|
|
|
in that process.
|
|
The second process then maps the file using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2).
|
|
|
|
</DL>
|
|
</DL>
|
|
|
|
<DT id="21">5.<DD>
|
|
The second process uses the
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fcntl">fcntl</A></B>(2)
|
|
|
|
<B>F_GET_SEALS</B>
|
|
|
|
operation to retrieve the bit mask of seals
|
|
that has been applied to the file.
|
|
This bit mask can be inspected in order to determine
|
|
what kinds of restrictions have been placed on file modifications.
|
|
If desired, the second process can apply further seals
|
|
to impose additional restrictions (so long as the
|
|
<B>F_SEAL_SEAL</B>
|
|
|
|
seal has not yet been applied).
|
|
</DL>
|
|
<A NAME="lbAK"> </A>
|
|
<H2>EXAMPLE</H2>
|
|
|
|
Below are shown two example programs that demonstrate the use of
|
|
<B>memfd_create</B>()
|
|
|
|
and the file sealing API.
|
|
<P>
|
|
|
|
The first program,
|
|
<I>t_memfd_create.c</I>,
|
|
|
|
creates a
|
|
<B><A HREF="/cgi-bin/man/man2html?5+tmpfs">tmpfs</A></B>(5)
|
|
|
|
file using
|
|
<B>memfd_create</B>(),
|
|
|
|
sets a size for the file, maps it into memory,
|
|
and optionally places some seals on the file.
|
|
The program accepts up to three command-line arguments,
|
|
of which the first two are required.
|
|
The first argument is the name to associate with the file,
|
|
the second argument is the size to be set for the file,
|
|
and the optional third argument is a string of characters that specify
|
|
seals to be set on file.
|
|
<P>
|
|
|
|
The second program,
|
|
<I>t_get_seals.c</I>,
|
|
|
|
can be used to open an existing file that was created via
|
|
<B>memfd_create</B>()
|
|
|
|
and inspect the set of seals that have been applied to that file.
|
|
<P>
|
|
|
|
The following shell session demonstrates the use of these programs.
|
|
First we create a
|
|
<B><A HREF="/cgi-bin/man/man2html?5+tmpfs">tmpfs</A></B>(5)
|
|
|
|
file and set some seals on it:
|
|
<P>
|
|
|
|
|
|
|
|
$ <B>./t_memfd_create my_memfd_file 4096 sw &</B>
|
|
[1] 11775
|
|
PID: 11775; fd: 3; /proc/11775/fd/3
|
|
|
|
|
|
<P>
|
|
|
|
At this point, the
|
|
<I>t_memfd_create</I>
|
|
|
|
program continues to run in the background.
|
|
From another program, we can obtain a file descriptor for the
|
|
file created by
|
|
<B>memfd_create</B>()
|
|
|
|
by opening the
|
|
<I>/proc/[pid]/fd</I>
|
|
|
|
file that corresponds to the file descriptor opened by
|
|
<B>memfd_create</B>().
|
|
|
|
Using that pathname, we inspect the content of the
|
|
<I>/proc/[pid]/fd</I>
|
|
|
|
symbolic link, and use our
|
|
<I>t_get_seals</I>
|
|
|
|
program to view the seals that have been placed on the file:
|
|
<P>
|
|
|
|
|
|
|
|
$ <B>readlink /proc/11775/fd/3</B>
|
|
/memfd:my_memfd_file (deleted)
|
|
$ <B>./t_get_seals /proc/11775/fd/3</B>
|
|
Existing seals: WRITE SHRINK
|
|
|
|
|
|
<A NAME="lbAL"> </A>
|
|
<H3>Program source: t_memfd_create.c</H3>
|
|
|
|
|
|
|
|
#define _GNU_SOURCE
|
|
#include <<A HREF="file:///usr/include/sys/mman.h">sys/mman.h</A>>
|
|
#include <<A HREF="file:///usr/include/fcntl.h">fcntl.h</A>>
|
|
#include <<A HREF="file:///usr/include/stdlib.h">stdlib.h</A>>
|
|
#include <<A HREF="file:///usr/include/unistd.h">unistd.h</A>>
|
|
#include <<A HREF="file:///usr/include/string.h">string.h</A>>
|
|
#include <<A HREF="file:///usr/include/stdio.h">stdio.h</A>>
|
|
<P>
|
|
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \
|
|
<BR> } while (0)
|
|
<P>
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
<BR> int fd;
|
|
<BR> unsigned int seals;
|
|
<BR> char *addr;
|
|
<BR> char *name, *seals_arg;
|
|
<BR> ssize_t len;
|
|
<P>
|
|
<BR> if (argc < 3) {
|
|
<BR> fprintf(stderr, "%s name size [seals]\n", argv[0]);
|
|
<BR> fprintf(stderr, "\t'seals' can contain any of the "
|
|
<BR> "following characters:\n");
|
|
<BR> fprintf(stderr, "\t\tg - F_SEAL_GROW\n");
|
|
<BR> fprintf(stderr, "\t\ts - F_SEAL_SHRINK\n");
|
|
<BR> fprintf(stderr, "\t\tw - F_SEAL_WRITE\n");
|
|
<BR> fprintf(stderr, "\t\tW - F_SEAL_FUTURE_WRITE\n");
|
|
<BR> fprintf(stderr, "\t\tS - F_SEAL_SEAL\n");
|
|
<BR> exit(EXIT_FAILURE);
|
|
<BR> }
|
|
<P>
|
|
<BR> name = argv[1];
|
|
<BR> len = atoi(argv[2]);
|
|
<BR> seals_arg = argv[3];
|
|
<P>
|
|
<BR> /* Create an anonymous file in tmpfs; allow seals to be
|
|
<BR> placed on the file */
|
|
<P>
|
|
<BR> fd = memfd_create(name, MFD_ALLOW_SEALING);
|
|
<BR> if (fd == -1)
|
|
<BR> errExit("memfd_create");
|
|
<P>
|
|
<BR> /* Size the file as specified on the command line */
|
|
<P>
|
|
<BR> if (ftruncate(fd, len) == -1)
|
|
<BR> errExit("truncate");
|
|
<P>
|
|
<BR> printf("PID: %ld; fd: %d; /proc/%ld/fd/%d\n",
|
|
<BR> (long) getpid(), fd, (long) getpid(), fd);
|
|
<P>
|
|
<BR> /* Code to map the file and populate the mapping with data
|
|
<BR> omitted */
|
|
<P>
|
|
<BR> /* If a 'seals' command-line argument was supplied, set some
|
|
<BR> seals on the file */
|
|
<P>
|
|
<BR> if (seals_arg != NULL) {
|
|
<BR> seals = 0;
|
|
<P>
|
|
<BR> if (strchr(seals_arg, 'g') != NULL)
|
|
<BR> seals |= F_SEAL_GROW;
|
|
<BR> if (strchr(seals_arg, 's') != NULL)
|
|
<BR> seals |= F_SEAL_SHRINK;
|
|
<BR> if (strchr(seals_arg, 'w') != NULL)
|
|
<BR> seals |= F_SEAL_WRITE;
|
|
<BR> if (strchr(seals_arg, 'W') != NULL)
|
|
<BR> seals |= F_SEAL_FUTURE_WRITE;
|
|
<BR> if (strchr(seals_arg, 'S') != NULL)
|
|
<BR> seals |= F_SEAL_SEAL;
|
|
<P>
|
|
<BR> if (fcntl(fd, F_ADD_SEALS, seals) == -1)
|
|
<BR> errExit("fcntl");
|
|
<BR> }
|
|
<P>
|
|
<BR> /* Keep running, so that the file created by memfd_create()
|
|
<BR> continues to exist */
|
|
<P>
|
|
<BR> pause();
|
|
<P>
|
|
<BR> exit(EXIT_SUCCESS);
|
|
}
|
|
|
|
<A NAME="lbAM"> </A>
|
|
<H3>Program source: t_get_seals.c</H3>
|
|
|
|
|
|
|
|
#define _GNU_SOURCE
|
|
#include <<A HREF="file:///usr/include/sys/mman.h">sys/mman.h</A>>
|
|
#include <<A HREF="file:///usr/include/fcntl.h">fcntl.h</A>>
|
|
#include <<A HREF="file:///usr/include/unistd.h">unistd.h</A>>
|
|
#include <<A HREF="file:///usr/include/stdlib.h">stdlib.h</A>>
|
|
#include <<A HREF="file:///usr/include/string.h">string.h</A>>
|
|
#include <<A HREF="file:///usr/include/stdio.h">stdio.h</A>>
|
|
<P>
|
|
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \
|
|
<BR> } while (0)
|
|
<P>
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
<BR> int fd;
|
|
<BR> unsigned int seals;
|
|
<P>
|
|
<BR> if (argc != 2) {
|
|
<BR> fprintf(stderr, "%s /proc/PID/fd/FD\n", argv[0]);
|
|
<BR> exit(EXIT_FAILURE);
|
|
<BR> }
|
|
<P>
|
|
<BR> fd = open(argv[1], O_RDWR);
|
|
<BR> if (fd == -1)
|
|
<BR> errExit("open");
|
|
<P>
|
|
<BR> seals = fcntl(fd, F_GET_SEALS);
|
|
<BR> if (seals == -1)
|
|
<BR> errExit("fcntl");
|
|
<P>
|
|
<BR> printf("Existing seals:");
|
|
<BR> if (seals & F_SEAL_SEAL)
|
|
<BR> printf(" SEAL");
|
|
<BR> if (seals & F_SEAL_GROW)
|
|
<BR> printf(" GROW");
|
|
<BR> if (seals & F_SEAL_WRITE)
|
|
<BR> printf(" WRITE");
|
|
<BR> if (seals & F_SEAL_FUTURE_WRITE)
|
|
<BR> printf(" FUTURE_WRITE");
|
|
<BR> if (seals & F_SEAL_SHRINK)
|
|
<BR> printf(" SHRINK");
|
|
<BR> printf("\n");
|
|
<P>
|
|
<BR> /* Code to map the file and access the contents of the
|
|
<BR> resulting mapping omitted */
|
|
<P>
|
|
<BR> exit(EXIT_SUCCESS);
|
|
}
|
|
|
|
<A NAME="lbAN"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+fcntl">fcntl</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+ftruncate">ftruncate</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+mmap">mmap</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+shmget">shmget</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+shm_open">shm_open</A></B>(3)
|
|
|
|
<A NAME="lbAO"> </A>
|
|
<H2>COLOPHON</H2>
|
|
|
|
This page is part of release 5.05 of the Linux
|
|
<I>man-pages</I>
|
|
|
|
project.
|
|
A description of the project,
|
|
information about reporting bugs,
|
|
and the latest version of this page,
|
|
can be found at
|
|
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="22"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="23"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="24"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="25"><A HREF="#lbAE">RETURN VALUE</A><DD>
|
|
<DT id="26"><A HREF="#lbAF">ERRORS</A><DD>
|
|
<DT id="27"><A HREF="#lbAG">VERSIONS</A><DD>
|
|
<DT id="28"><A HREF="#lbAH">CONFORMING TO</A><DD>
|
|
<DT id="29"><A HREF="#lbAI">NOTES</A><DD>
|
|
<DL>
|
|
<DT id="30"><A HREF="#lbAJ">File sealing</A><DD>
|
|
</DL>
|
|
<DT id="31"><A HREF="#lbAK">EXAMPLE</A><DD>
|
|
<DL>
|
|
<DT id="32"><A HREF="#lbAL">Program source: t_memfd_create.c</A><DD>
|
|
<DT id="33"><A HREF="#lbAM">Program source: t_get_seals.c</A><DD>
|
|
</DL>
|
|
<DT id="34"><A HREF="#lbAN">SEE ALSO</A><DD>
|
|
<DT id="35"><A HREF="#lbAO">COLOPHON</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:33 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|