T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do one add_seals call, rather than one per flag. (#4366)

Browse Source 
When setting up a copy on write image, we add several seals, to prevent
the image from being resized or modified. Set all the seals in a single
call, rather than doing one call per seal.
This commit is contained in:
Dan Gohman
2022-07-01 16:00:18 -07:00
committed by GitHub
parent f54ec712ef
commit a2197ebbeb
3 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
crates/runtime/src/cow.rs
View File

@@ -162,10 +162,12 @@ impl MemoryImage {
// extra-super-sure that it never changes, and because
// this costs very little, we use the kernel's "seal" API
// to make the memfd image permanently read-only.
memfd.add_seal(memfd::FileSeal::SealGrow)?;
memfd.add_seal(memfd::FileSeal::SealShrink)?;
memfd.add_seal(memfd::FileSeal::SealWrite)?;
memfd.add_seal(memfd::FileSeal::SealSeal)?;
memfd.add_seals(&[
memfd::FileSeal::SealGrow,
memfd::FileSeal::SealShrink,
memfd::FileSeal::SealWrite,
memfd::FileSeal::SealSeal,
])?;
Ok(Some(MemoryImage {
fd: FdSource::Memfd(memfd),