Hi On Thu, Mar 20, 2014 at 3:41 PM, One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> wrote: > I think you want two things at minimum > > owner to seal > root can always override Why should root be allowed to override? > I would query the name too. Right now your assumption is 'shmem only' but > that might change with other future use cases or types (eg some driver > file handles) so SHMEM_ in the fcntl might become misleading. I'm fine with F_SET/GET_SEALS. But given you suggested requiring MFD_ALLOW_SEALS for sealing, I don't see why we couldn't limit this interface entirely to memfd_create(). > Whether you want some way to undo a seal without an exclusive reference as > the file owner is another question. No. You are never allowed to undo a seal but with an exclusive reference. This interface was created for situations _without_ any trust relationship. So if the owner is allowed to undo seals, the interface doesn't make any sense. The only options I see is to not allow un-sealing at all (which I'm fine with) or tracking users (which is way too much overhead). Thanks David _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/dri-devel
