Hi
On Thu, Mar 20, 2014 at 3:41 PM, One Thousand Gnomes gnomes@lxorguk.ukuu.org.uk wrote:
> I think you want two things at minimum
> - owner to seal
> - root can always override
Why should root be allowed to override?
> I would query the name too. Right now your assumption is 'shmem only' but that might change with other future use cases or types (e.g. some driver file handles) so SHMEM_ in the fcntl might become misleading.
I'm fine with F_SET/GET_SEALS. But given you suggested requiring MFD_ALLOW_SEALS for sealing, I don't see why we couldn't limit this interface entirely to memfd_create().
> Whether you want some way to undo a seal without an exclusive reference as the file owner is another question.
No. You are never allowed to undo a seal but with an exclusive reference. This interface was created for situations _without_ any trust relationship. So if the owner is allowed to undo seals, the interface doesn't make any sense. The only options I see are to not allow un-sealing at all (which I'm fine with) or tracking users (which is way too much overhead).
Thanks
David
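The sealing semantics David argues for above (sealing only on memfds created with an allow-sealing flag, and no way for anyone, owner or root, to remove a seal once added) are what eventually shipped in Linux 3.17. The following is an added example written for this page, not code from the thread or from the kernel patch series; it uses the merged names rather than the ones proposed in the mail (`MFD_ALLOW_SEALING` for what the thread calls MFD_ALLOW_SEALS, and `F_ADD_SEALS`/`F_GET_SEALS` for F_SET/GET_SEALS). It walks one memfd through the lifecycle: a memfd created without `MFD_ALLOW_SEALING` rejects seals, a sealable one accepts them and reports them back, a sealed size can no longer be changed even by the creator, and `F_SEAL_SEAL` closes the seal set so nothing further can be added. The constant values in the fallback `#define`s match the Linux UAPI headers; they are only used if the local glibc headers are too old to provide them.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallbacks for old libc headers; values are those of linux/fcntl.h and linux/memfd.h. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   (1024 + 9)
#define F_GET_SEALS   (1024 + 10)
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif

enum seal_demo_result {
    SEAL_DEMO_OK = 0,          /* every step behaved as the thread describes */
    SEAL_DEMO_UNSUPPORTED = 1, /* memfd_create() is not usable on this host (old kernel, seccomp, ...) */
    SEAL_DEMO_UNEXPECTED = 2   /* a step behaved differently from the expected semantics */
};

/* Run the whole sealing lifecycle on a fresh memfd and report whether it matched. */
int seal_demo(void)
{
    /* Step 1: without MFD_ALLOW_SEALING at creation time, F_ADD_SEALS must fail with EPERM. */
    int plain = memfd_create("unsealable", 0);
    if (plain < 0)
        return SEAL_DEMO_UNSUPPORTED;
    int rc = fcntl(plain, F_ADD_SEALS, F_SEAL_SHRINK);
    int err = errno;
    close(plain);
    if (rc != -1 || err != EPERM)
        return SEAL_DEMO_UNEXPECTED;

    /* Step 2: a sealable memfd; the creator still holds the only reference, so it sets the size now. */
    int fd = memfd_create("sealable", MFD_ALLOW_SEALING);
    if (fd < 0)
        return SEAL_DEMO_UNSUPPORTED;
    if (ftruncate(fd, 4096) != 0)
        goto unexpected;

    /* Step 3: freeze the size and read the seal set back with F_GET_SEALS. */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW) != 0)
        goto unexpected;
    if (fcntl(fd, F_GET_SEALS) != (F_SEAL_SHRINK | F_SEAL_GROW))
        goto unexpected;

    /* Step 4: the sealed size is immutable for every holder of the fd, including the creator. */
    if (ftruncate(fd, 8192) != -1 || errno != EPERM)
        goto unexpected;

    /* Step 5: there is no "remove seal" operation at all; F_SEAL_SEAL additionally forbids adding more. */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_SEAL) != 0)
        goto unexpected;
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) != -1 || errno != EPERM)
        goto unexpected;
    if (fcntl(fd, F_GET_SEALS) != (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL))
        goto unexpected;

    close(fd);
    return SEAL_DEMO_OK;

unexpected:
    close(fd);
    return SEAL_DEMO_UNEXPECTED;
}

int main(void)
{
    int r = seal_demo();
    printf("seal_demo: %s\n",
           r == SEAL_DEMO_OK ? "ok" : r == SEAL_DEMO_UNSUPPORTED ? "memfd unsupported" : "unexpected");
    return r == SEAL_DEMO_UNEXPECTED ? 1 : 0;
}
```

The ordering in `seal_demo` is the one a defender relies on: size is fixed and seals are added while the creator still holds the exclusive reference, and only then would the fd be handed to an untrusted peer, who can call `F_GET_SEALS` to confirm what it received. The absence of any unseal path, which the thread argues is essential, is what makes that confirmation worth anything.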