Hi On Thu, Mar 20, 2014 at 3:41 PM, One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> wrote: > I think you want two things at minimum > > owner to seal > root can always override Why should root be allowed to override? > I would query the name too. Right now your assumption is 'shmem only' but > that might change with other future use cases or types (eg some driver > file handles) so SHMEM_ in the fcntl might become misleading. I'm fine with F_SET/GET_SEALS. But given you suggested requiring MFD_ALLOW_SEALS for sealing, I don't see why we couldn't limit this interface entirely to memfd_create(). > Whether you want some way to undo a seal without an exclusive reference as > the file owner is another question. No. You are never allowed to undo a seal but with an exclusive reference. This interface was created for situations _without_ any trust relationship. So if the owner is allowed to undo seals, the interface doesn't make any sense. The only options I see is to not allow un-sealing at all (which I'm fine with) or tracking users (which is way too much overhead). Thanks David -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>