Hi

On Fri, Apr 17, 2015 at 6:28 AM, Michael Tirado <mtirado418@xxxxxxxxx> wrote:
> On Thu, 16 Apr 2015 14:01:07 +0200
> David Herrmann <dh.herrmann@xxxxxxxxx> wrote:
>> The same functionality of F_SEAL_WRITE_NONCREATOR can be achieved by
>> opening /proc/self/fd/<num> with O_RDONLY. Just pass that read-only FD
>> to your peers but retain the writable one. But note that you must
>> verify your peers do not have the same uid as you do, otherwise they
>> can just gain a writable descriptor by opening /proc/self/fd/<num>
>> themselves.
>
> My peers may be any uid,

Where's the problem? Just pass the read-only file-descriptor to your
peers and make sure the access-mode of the memfd is 0600. No other
user will be able to gain a writable file-descriptor, but you.

Thanks
David
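
The handoff described in the message above, as an added example that is not part of the original e-mail or of any kernel code: the creator sets the memfd to mode 0600, reopens it read-only through /proc/self/fd/<num>, and checks that the read-only descriptor refuses both write() and a writable shared mapping. The function names and the memfd name "demo" are assumptions made for this sketch, and it needs Linux with /proc mounted.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Create a memfd owned by the caller and restrict its mode to 0600. */
int create_private_memfd(const char *name)
{
    int fd = (int)syscall(SYS_memfd_create, name, 0u);
    if (fd >= 0 && fchmod(fd, 0600) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Reopen the same file read-only through /proc/self/fd/<num>. */
int reopen_read_only(int rw_fd)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/self/fd/%d", rw_fd);
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* 1 if fd rejects write() (EBADF) and PROT_WRITE MAP_SHARED (EACCES). */
int fd_is_write_proof(int fd)
{
    if (write(fd, "", 0) != -1 || errno != EBADF) /* zero-length: no data change */
        return 0;
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p != MAP_FAILED) {
        munmap(p, 4096);
        return 0;
    }
    return errno == EACCES;
}

int main(void)
{
    int rw = create_private_memfd("demo"); /* constructed name */
    int ro = rw < 0 ? -1 : reopen_read_only(rw);
    printf("ro write-proof: %d\n", ro < 0 ? -1 : fd_is_write_proof(ro));
    return ro < 0;
}
```

The descriptor returned by `reopen_read_only()` is the one to pass to peers; the 0600 mode is what stops a peer with a different uid from reopening it for writing, which this single-process sketch does not exercise.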