File: android-cloexec-memfd-create.rst

llvm-toolchain-6.0 1:6.0.1-10
.. title:: clang-tidy - android-cloexec-memfd-create

android-cloexec-memfd-create
============================

``memfd_create()`` should include ``MFD_CLOEXEC`` in its flags argument to avoid
file descriptor leakage. Without this flag, an opened sensitive file would
remain open across a fork+exec to a lower-privileged SELinux domain.

Examples:

.. code-block:: c++

  memfd_create(name, MFD_ALLOW_SEALING);

  // becomes

  memfd_create(name, MFD_ALLOW_SEALING | MFD_CLOEXEC);
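
The effect of the flag can be confirmed at run time by reading the descriptor's ``FD_CLOEXEC`` bit with ``fcntl()``. The program below is an added example, not part of the clang-tidy documentation; the function names and the ``demo-secret`` name are hypothetical, and it assumes Linux with a glibc that provides ``memfd_create()``.

```c
#define _GNU_SOURCE            /* glibc exposes memfd_create() only with this */
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallbacks in case the feature macro was set too late for <sys/mman.h>. */
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U
#endif
int memfd_create(const char *name, unsigned int flags);

/* 1 if fd stays open across execve(), 0 if it is closed, -1 on error. */
int survives_exec(int fd)
{
    int fdflags = fcntl(fd, F_GETFD);
    return fdflags == -1 ? -1 : !(fdflags & FD_CLOEXEC);
}

/* Pattern the check flags: the descriptor is inherited by any exec'd program. */
int leaky_memfd(void) { return memfd_create("demo-secret", 0); }

/* Pattern the check rewrites to: close-on-exec is set atomically at creation. */
int safe_memfd(void) { return memfd_create("demo-secret", MFD_CLOEXEC); }

/* Retrofit for a descriptor obtained elsewhere. Not atomic: another thread
 * can fork+exec between creation and this call, so prefer MFD_CLOEXEC. */
int set_cloexec(int fd)
{
    int fdflags = fcntl(fd, F_GETFD);
    if (fdflags == -1)
        return -1;
    return fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC);
}

int main(void)
{
    int leaky = leaky_memfd(), safe = safe_memfd();
    if (leaky == -1 || safe == -1) { perror("memfd_create"); return 1; }
    printf("without MFD_CLOEXEC: survives exec = %d\n", survives_exec(leaky));
    printf("with MFD_CLOEXEC:    survives exec = %d\n", survives_exec(safe));
    set_cloexec(leaky);
    printf("after F_SETFD:       survives exec = %d\n", survives_exec(leaky));
    close(leaky); close(safe);
    return 0;
}
```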