Try calling MemfdCreate() with MFD_EXEC
Newer kernels print a warning on memfd_create() without MFD_EXEC or MFD_NOEXEC_SEAL.
debfx committed Jan 27, 2024
1 parent 00f9161 commit f7c49b0
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion utils.go
@@ -4,6 +4,7 @@
package main

import (
"errors"
"fmt"
"os"
"os/user"
@@ -253,7 +254,12 @@ func terminalName(fd uintptr) (string, error) {
}

func clonePathAsMemfd(path string, memfdName string) (int, error) {
memFd, err := unix.MemfdCreate(memfdName, unix.MFD_CLOEXEC|unix.MFD_ALLOW_SEALING)
// newer kernel print a warning on memfd_create() without MFD_EXEC or MFD_NOEXEC_SEAL
memFd, err := unix.MemfdCreate(memfdName, unix.MFD_CLOEXEC|unix.MFD_ALLOW_SEALING|unix.MFD_EXEC)
if errors.Is(err, unix.EINVAL) {
// older kernels don't support MFD_EXEC, try without it
memFd, err = unix.MemfdCreate(memfdName, unix.MFD_CLOEXEC|unix.MFD_ALLOW_SEALING)
}
if err != nil {
return 0, err
}
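Review bot: The final `if err != nil` in clonePathAsMemfd still returns the bare errno, and the EINVAL retry only covers kernels that do not know MFD_EXEC. On a host that forbids executable memfds (the `vm.memfd_noexec=2` sysctl) the first call is rejected with a different errno (EACCES, as far as I can tell), so the caller gets an unexplained permission error; `return 0, fmt.Errorf("memfd_create %q: %w", memfdName, err)` would make that diagnosable, and `fmt` is already imported. The new comment should also say that the memfd is created executable on purpose, e.g. `// the memfd must stay executable, so use MFD_EXEC rather than MFD_NOEXEC_SEAL`, assuming the descriptor is exec'd later. The function body continues past the end of the hunk, so that assumption needs checking against the rest of it.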
