Commit f0d3a614 authored by Sebastian Wick's avatar Sebastian Wick

shared: guard all the seal logic behind HAVE_MEMFD_CREATE

The initial version of os_ro_anonymous_file missed two guards around the
seal logic which leads to a compilation error on older systems.

Also make the check for a read-only file symmetric in
os_ro_anonymous_file_get_fd and os_ro_anonymous_file_put_fd.
Signed-off-by: default avatarSebastian Wick <>
parent 7bce28b5
......@@ -340,6 +340,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
void *src, *dst;
int seals, fd;
seals = fcntl(file->fd, F_GET_SEALS);
/* file was sealed for read-only and we don't have to support MAP_SHARED
......@@ -348,6 +349,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
if (seals != -1 && mapmode == RO_ANONYMOUS_FILE_MAPMODE_PRIVATE &&
return file->fd;
/* for all other cases we create a new anonymous file that can be mapped
* with MAP_SHARED and copy the contents to it and return that instead
......@@ -388,17 +390,18 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
os_ro_anonymous_file_put_fd(int fd)
int seals = fcntl(fd, F_GET_SEALS);
if (seals == -1 && errno != EINVAL)
return -1;
/* If the fd cannot be sealed seals is -1 at this point
* or the file can be sealed but has not been sealed for writing.
* In both cases we created a new anonymous file that we have to
* close.
/* The only case in which we do NOT have to close the file is when the file
* was sealed for read-only
if (seals == -1 || !(seals & F_SEAL_WRITE))
if (seals != -1 && (seals & READONLY_SEALS) == READONLY_SEALS)
return 0;
return 0;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment