common: Mark our memfds as non-executable #19823
FTR, current Python 3.12 does not expose these new constants yet. But we also only use |
Ugh, fails on aarch64 at least. Update: Fixed.
088b836
to
e771331
Compare
I've seen this udisks crash a lot, let's see if I can find out something more about it locally.
Something is off here. I'm hoping it's a simple typo s/0/8U/
...
@allisonkarlitskaya no, it was not a typo, but deliberate (I had a version with 8, but then discarded it). See replies above.
e771331
to
d791202
Compare
We only ever use them to store data. Recent Linux kernels now encourage explicitly declaring whether a memfd is supposed to be executable [1]. This avoids an unsightly warning at boot:

> login: [ 85.637785] cockpit-tls[1176]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set

Older kernel releases don't know about that flag yet, so add some ifdeffery and runtime fallback. We need to support building for a new distro/include files, but running on an older kernel.

[1] https://lwn.net/Articles/918106/
d791202
to
7cc6503
Compare
Thanks for the go-arounds. This is nicely self-contained and does everything it needs to.
Eww, what happened to this aarch64 run.. retrying, can't hurt here.
We only ever use them to store data. Recent Linux kernels now encourage explicitly declaring whether a memfd is supposed to be executable [1]. This avoids an unsightly warning at boot:
Older kernel releases don't know about that flag yet, so add some ifdeffery and runtime fallback. We need to support building for a new distro/include files, but running on an older kernel.
[1] https://lwn.net/Articles/918106/
You can see this with
bots/vm-run fedora-39
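
The build-time and run-time fallback described above (new headers, possibly older running kernel), as an added example; this is not the code from the pull request. The helper names are hypothetical, and the `0x0008U` value for `MFD_NOEXEC_SEAL` is the one from the kernel's `linux/memfd.h`, defined here only when the build headers lack it (a choice of this example).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Older build headers may not know the flag yet (it arrived in Linux 6.3). */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif

/* Hypothetical helper: create a memfd that only ever holds data.
 * *sealed_noexec reports whether the kernel accepted MFD_NOEXEC_SEAL. */
static int create_data_memfd(const char *name, bool *sealed_noexec)
{
    int fd = memfd_create(name, MFD_CLOEXEC | MFD_NOEXEC_SEAL);
    *sealed_noexec = (fd >= 0);

    /* Kernels that predate the flag reject unknown bits with EINVAL:
     * retry with only the flags they understand. */
    if (fd < 0 && errno == EINVAL)
        fd = memfd_create(name, MFD_CLOEXEC);

    return fd;
}

/* True if the memfd's mode carries any execute permission bit. */
static bool memfd_has_exec_bits(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && (st.st_mode & 0111) != 0;
}

int main(void)
{
    bool sealed;
    int fd = create_data_memfd("example-data", &sealed);
    if (fd < 0) {
        perror("memfd_create");
        return 1;
    }
    printf("noexec seal applied: %s, exec bits present: %s\n",
           sealed ? "yes" : "no", memfd_has_exec_bits(fd) ? "yes" : "no");
    close(fd);
    return 0;
}
```

On a kernel that accepts the flag, the memfd is created without execute bits and they cannot be added back later; on an older kernel the retry yields an ordinary memfd and no boot warning exists to avoid.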