From a3763d64e0d65ed1902b36c521c57cd252b9c3be Mon Sep 17 00:00:00 2001 From: Szabolcs Nagy Date: Wed, 1 Oct 2014 22:25:40 +0200 Subject: [PATCH] add new linux file sealing api to fcntl.h new in linux v3.17 commit 40e041a2c858b3caefc757e26cb85bfceae5062b sealing allows some operations to be blocked on a file which makes file access safer when fds are shared between processes (only supported for shared mem fds currently) flags: F_SEAL_SEAL prevents further sealing F_SEAL_SHRINK prevents file from shrinking F_SEAL_GROW prevents file from growing F_SEAL_WRITE prevents writes fcntl commands: F_GET_SEALS get the current seal flags F_ADD_SEALS add new seal flags --- include/fcntl.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/fcntl.h b/include/fcntl.h index ff9fcb92..f5bfebc8 100644 --- a/include/fcntl.h +++ b/include/fcntl.h @@ -121,6 +121,13 @@ int posix_fallocate(int, off_t, off_t); #define F_CANCELLK 1029 #define F_SETPIPE_SZ 1031 #define F_GETPIPE_SZ 1032 +#define F_ADD_SEALS 1033 +#define F_GET_SEALS 1034 + +#define F_SEAL_SEAL 0x0001 +#define F_SEAL_SHRINK 0x0002 +#define F_SEAL_GROW 0x0004 +#define F_SEAL_WRITE 0x0008 #define DN_ACCESS 0x00000001 #define DN_MODIFY 0x00000002