memfd: map unsealed files as MAP_SHARED

We need to map sealed files as MAP_PRIVATE so far as the kernel treats MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any time on those). However, unsealed files must be mapped as MAP_SHARED. Otherwise, we never end up writing to the real file.
author: David Herrmann <dh.herrmann@gmail.com> 2014-08-18 13:05:48 +0200
committer: David Herrmann <dh.herrmann@gmail.com> 2014-08-18 13:05:48 +0200
commit: 23972f4244f7609658c2a17f85508d50e4739990 (patch)
tree: ecc7b9895abf0c193cae5bf2deb6dcdfe8b77c04
parent: c7dab73a5fa6e775813765fe925caaa7c4e549fa (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/shared/memfd.c b/src/shared/memfd.c
index 6804b4236..d94c6268d 100644
--- a/src/shared/memfd.c
+++ b/src/shared/memfd.c
@@ -176,7 +176,11 @@ int sd_memfd_map(sd_memfd *m, uint64_t offset, size_t size, void **p) {
         if (sealed < 0)
                 return sealed;
 
-        q = mmap(NULL, size, sealed ? PROT_READ : PROT_READ|PROT_WRITE, MAP_PRIVATE, m->fd, offset);
+        if (sealed)
+                q = mmap(NULL, size, PROT_READ, MAP_PRIVATE, m->fd, offset);
+        else
+                q = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, m->fd, offset);
+
         if (q == MAP_FAILED)
                 return -errno;
author	David Herrmann <dh.herrmann@gmail.com>	2014-08-18 13:05:48 +0200
committer	David Herrmann <dh.herrmann@gmail.com>	2014-08-18 13:05:48 +0200
commit	23972f4244f7609658c2a17f85508d50e4739990 (patch)
tree	ecc7b9895abf0c193cae5bf2deb6dcdfe8b77c04
parent	c7dab73a5fa6e775813765fe925caaa7c4e549fa (diff)