Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add NOEXEC_SEAL and EXEC to MemfdFlags #976

Merged
merged 2 commits into from
Feb 15, 2024
Merged

Add NOEXEC_SEAL and EXEC to MemfdFlags #976

merged 2 commits into from
Feb 15, 2024

Conversation

rusty-snake
Copy link
Contributor

Enabling non-executable memfds: https://lwn.net/Articles/918106/

@Mek101
Copy link
Contributor

Mek101 commented Jan 11, 2024

Bump(?)

@sunfishcode
Copy link
Member

It looks like MFD_NOEXEC_SEAL hasn't been added to the libc crate yet.

@rusty-snake
Copy link
Contributor Author

Exactly. I'm not sure how to proceeded. Supporting only linux_raw sound wrong. Do we want to wait on libc or define them ourself?

@sunfishcode
Copy link
Member

The libc crate doesn't pick up new features automatically; I'll need someone to submit a PR.

Rustix does occasionally define values for itself, but we usually prefer to submit PRs to libc to upstream values. So submitting NOEXEC_SEAL etc. to the libc crate would be a good first step here.

@rusty-snake
Copy link
Contributor Author

rust-lang/libc#3553

@rusty-snake
Copy link
Contributor Author

libc merge request merged just now.

NOEXEC_SEAL and EXEC constants were added in libc 0.2.153
@rusty-snake
Copy link
Contributor Author

CI failures seem to be unrelated.

@rusty-snake rusty-snake marked this pull request as ready for review February 9, 2024 18:06
@sunfishcode sunfishcode merged commit 8edaeca into bytecodealliance:main Feb 15, 2024
39 of 43 checks passed
@sunfishcode
Copy link
Member

Thanks!

@rusty-snake rusty-snake deleted the memfd_create-exec branch February 16, 2024 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants