Add fcntl sealing interfaces from Linux 3.17 to bits/fcntl-linux.h

Message ID alpine.DEB.2.20.1709061529570.2445@digraph.polyomino.org.uk
State New, archived

Commit Message

Joseph Myers Sept. 6, 2017, 3:30 p.m. UTC
  While reviewing Linux 4.13 for glibc header changes needed, I noticed
that bits/fcntl-linux.h was missing F_ADD_SEALS etc. from Linux 3.17.

I didn't find any discussion indicating this omission is deliberate.
Now, these interfaces can only be used with file descriptors created
with memfd_create, and we don't have a memfd_create wrapper in glibc
(a patch was submitted in October 2014, albeit without documentation /
tests, and discussions continued over the next few months, but without
consensus on whether to add the interface - and we still lack any
general consensus on syscall wrappers), but I don't think that's a
reason to exclude the constants from bits/fcntl-linux.h (especially as
the header does not look compatible with simultaneously including
linux/fcntl.h).

(Some of those 2014/2015 discussions raised concerns about difficulty
using the memfd_create / sealing interface, but those seem to me more
like a question of whether it should be part of the OS-independent GNU
API - in my view, even fairly specialized syscalls ought to have
wrappers added to glibc if not obsolescent, but there may be cases
where we only want to include them in the Linux-specific API and
anything in the OS-independent GNU API should be different - rather
than being relevant to whether constants for use with fcntl should
appear in headers.)

2017-09-06  Joseph Myers  <joseph@codesourcery.com>

	* sysdeps/unix/sysv/linux/bits/fcntl-linux.h [__USE_GNU]
	(F_ADD_SEALS): New macro.
	[__USE_GNU] (F_GET_SEALS): Likewise.
	[__USE_GNU] (F_SEAL_SEAL): Likewise.
	[__USE_GNU] (F_SEAL_SHRINK): Likewise.
	[__USE_GNU] (F_SEAL_GROW): Likewise.
	[__USE_GNU] (F_SEAL_WRITE): Likewise.
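
How the six constants are used in practice, as an added example that is not part of the patch or of glibc: a producer seals a memfd before handing it over, and a consumer checks the seals before trusting the contents. The function names `sealed_buffer` and `is_immutable` are hypothetical, `memfd_create` is reached through `syscall()` because no wrapper exists, and the `MFD_ALLOW_SEALING` fallback value is taken from the kernel's `linux/memfd.h`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for a bits/fcntl-linux.h that predates this patch
   (values copied from the patch).  */
#ifndef F_ADD_SEALS
# define F_ADD_SEALS   1033
# define F_GET_SEALS   1034
# define F_SEAL_SEAL   0x0001
# define F_SEAL_SHRINK 0x0002
# define F_SEAL_GROW   0x0004
# define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_ALLOW_SEALING
# define MFD_ALLOW_SEALING 0x0002U   /* assumption: from linux/memfd.h */
#endif

#define CONTENT_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Producer: fill a memfd, then freeze its size and contents and lock the
   seal set itself with F_SEAL_SEAL.  Returns the fd, or -1 on error.  */
int sealed_buffer (const void *data, size_t len)
{
  int fd = (int) syscall (SYS_memfd_create, "sealed-demo", MFD_ALLOW_SEALING);
  if (fd < 0)
    return -1;
  if (write (fd, data, len) != (ssize_t) len
      || fcntl (fd, F_ADD_SEALS, CONTENT_SEALS | F_SEAL_SEAL) < 0)
    {
      close (fd);
      return -1;
    }
  return fd;
}

/* Consumer: accept a received fd only if every content seal is present.
   F_GET_SEALS fails on descriptors that do not support sealing.  */
int is_immutable (int fd)
{
  int seals = fcntl (fd, F_GET_SEALS);
  return seals >= 0 && (seals & CONTENT_SEALS) == CONTENT_SEALS;
}

int main (void)
{
  int fd = sealed_buffer ("policy", 6);   /* constructed sample data */
  ssize_t n = fd < 0 ? -1 : write (fd, "x", 1);   /* refused once sealed */
  printf ("immutable=%d write-after-seal=%zd\n", is_immutable (fd), n);
  return fd < 0;
}
```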
  

Comments

Dmitry V. Levin Sept. 8, 2017, 11:25 a.m. UTC | #1
On Wed, Sep 06, 2017 at 03:30:47PM +0000, Joseph Myers wrote:
> While reviewing Linux 4.13 for glibc header changes needed, I noticed
> that bits/fcntl-linux.h was missing F_ADD_SEALS etc. from Linux 3.17.
> 
> I didn't find any discussion indicating this omission is deliberate.
> Now, these interfaces can only be used with file descriptors created
> with memfd_create, and we don't have a memfd_create wrapper in glibc
> (a patch was submitted in October 2014, albeit without documentation /
> tests, and discussions continued over the next few months, but without
> consensus on whether to add the interface - and we still lack any
> general consensus on syscall wrappers), but I don't think that's a
> reason to exclude the constants from bits/fcntl-linux.h (especially as
> the header does not look compatible with simultaneously including
> linux/fcntl.h).
> 
> (Some of those 2014/2015 discussions raised concerns about difficulty
> using the memfd_create / sealing interface, but those seem to me more
> like a question of whether it should be part of the OS-independent GNU
> API - in my view, even fairly specialized syscalls ought to have
> wrappers added to glibc if not obsolescent, but there may be cases
> where we only want to include them in the Linux-specific API and
> anything in the OS-independent GNU API should be different - rather
> than being relevant to whether constants for use with fcntl should
> appear in headers.)
> 
> 2017-09-06  Joseph Myers  <joseph@codesourcery.com>
> 
> 	* sysdeps/unix/sysv/linux/bits/fcntl-linux.h [__USE_GNU]
> 	(F_ADD_SEALS): New macro.
> 	[__USE_GNU] (F_GET_SEALS): Likewise.
> 	[__USE_GNU] (F_SEAL_SEAL): Likewise.
> 	[__USE_GNU] (F_SEAL_SHRINK): Likewise.
> 	[__USE_GNU] (F_SEAL_GROW): Likewise.
> 	[__USE_GNU] (F_SEAL_WRITE): Likewise.

I think the change itself is OK.

With regards to the changelog entry formatting,
I wonder why a more compact form is not used here, e.g.

	* sysdeps/unix/sysv/linux/bits/fcntl-linux.h [__USE_GNU] (F_ADD_SEALS,
	F_GET_SEALS, F_SEAL_SEAL, F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE):
	New macros.
  
Joseph Myers Sept. 8, 2017, 4:16 p.m. UTC | #2
On Fri, 8 Sep 2017, Dmitry V. Levin wrote:

> With regards to the changelog entry formatting,
> I wonder why a more compact form is not used here, e.g.
> 
> 	* sysdeps/unix/sysv/linux/bits/fcntl-linux.h [__USE_GNU] (F_ADD_SEALS,
> 	F_GET_SEALS, F_SEAL_SEAL, F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE):
> 	New macros.

glibc tends to use the "Likewise." style more than is required by the GNU 
Coding Standards; I'm not sure why.  (The above sort of list of symbols 
should close parentheses at the end of each line and then reopen at the 
start of the next line when continuing the list.)
  
Paul Eggert Sept. 8, 2017, 5 p.m. UTC | #3
On 09/08/2017 09:16 AM, Joseph Myers wrote:
> glibc tends to use the "Likewise." style more than is required by the GNU
> Coding Standards; I'm not sure why.

It's inertia. As I recall the GNU Coding Standards formerly recommended 
"Likewise", and they still have a circa-1998 example using it 
(unnecessarily, I might add). This was before they extended ChangeLog 
format to make "Likewise" largely unnecessary.
  

Patch

diff --git a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
index 0cd0a5d..fc65fc2 100644
--- a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
+++ b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
@@ -202,6 +202,8 @@ 
 # define F_NOTIFY	1026	/* Request notifications on a directory.  */
 # define F_SETPIPE_SZ	1031	/* Set pipe page size array.  */
 # define F_GETPIPE_SZ	1032	/* Set pipe page size array.  */
+# define F_ADD_SEALS	1033	/* Add seals to file.  */
+# define F_GET_SEALS	1034	/* Get seals for file.  */
 #endif
 #ifdef __USE_XOPEN2K8
 # define F_DUPFD_CLOEXEC 1030	/* Duplicate file descriptor with
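Review bot: the comments on the two added lines, "Add seals to file." and "Get seals for file.", do not say which files accept these commands. The commit message states that they only work on descriptors created with memfd_create, and glibc has no wrapper or documentation a caller could learn that from, so a brief mention in the comment, or a pointer to the F_SEAL_* definitions further down, would help. Separately, the unchanged context line just above still describes F_GETPIPE_SZ as "Set pipe page size array.", which looks like a copy of the F_SETPIPE_SZ comment and could be corrected while this block is being touched.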
@@ -271,6 +273,14 @@  struct f_owner_ex
   };
 #endif
 
+#ifdef __USE_GNU
+/* Types of seals.  */
+# define F_SEAL_SEAL	0x0001	/* Prevent further seals from being set.  */
+# define F_SEAL_SHRINK	0x0002	/* Prevent file from shrinking.  */
+# define F_SEAL_GROW	0x0004	/* Prevent file from growing.  */
+# define F_SEAL_WRITE	0x0008	/* Prevent writes.  */
+#endif
+
 /* Define some more compatibility macros to be backward compatible with
    BSD systems which did not managed to hide these kernel macros.  */
 #ifdef	__USE_MISC
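Review bot: the new F_SEAL_* block carries only the comment "Types of seals." and sits roughly 70 lines below F_ADD_SEALS and F_GET_SEALS, so nothing connects the flags to the commands that consume them. Suggest extending the block comment to say these are bit flags, ORed together as the argument to F_ADD_SEALS and returned as a mask by F_GET_SEALS. The patch also touches only this header; a compile-only test that the six macros are visible under _GNU_SOURCE would keep them from silently disappearing in a later header reshuffle.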