On Mon, Mar 25, 2024 at 10:29:46PM -0700, Christoph Hellwig wrote:
> > +#ifdef HAVE_MEMFD_CLOEXEC
> > +# ifdef HAVE_MEMFD_NOEXEC_SEAL
> > + fd = memfd_create(description, MFD_CLOEXEC | MFD_NOEXEC_SEAL);
> > +# endif /* HAVE_MEMFD_NOEXEC_SEAL */
> > + /* memfd_create exists in kernel 3.17 (2014) and glibc 2.27 (2018). */
> > + fd = memfd_create(description, MFD_CLOEXEC);
> > +#endif /* HAVE_MEMFD_CLOEXEC */
> > +
> > +#ifdef HAVE_O_TMPFILE
> > + fd = open("/dev/shm", O_TMPFILE | O_CLOEXEC | O_RDWR, 0600);
> > + fd = open("/tmp", O_TMPFILE | O_CLOEXEC | O_RDWR, 0600);
> > +#endif
> > +
> > +#ifdef HAVE_MKOSTEMP_CLOEXEC
> > + fd = mkostemp("libxfsXXXXXX", O_CLOEXEC);
> > + if (fd >= 0)
> > + goto got_fd;
> > +#endif
>
> Is there any point in supporting pre-3.17 kernels here and not
> just use memfd_create unconditionally? And then just ifdef on
> MFD_NOEXEC_SEAL instead of adding a configure check?
There's not much reason. Now that memfd_create has existed for a decade
and the other flags for even longer, I'll drop all these configure
checks.
--D
