1 //! memfd helpers. 2 3 use libc::*; 4 use std::fs::File; 5 use std::io::Error; 6 use std::io::Result; 7 use std::os::raw::c_uint; 8 use std::os::unix::prelude::{FromRawFd, RawFd}; 9 create(flags: c_uint) -> Result<File>10fn create(flags: c_uint) -> Result<File> { 11 let fd = memfd_create_syscall(flags); 12 if fd < 0 { 13 Err(Error::last_os_error()) 14 } else { 15 Ok(unsafe { File::from_raw_fd(fd as RawFd) }) 16 } 17 } 18 19 /// Make the `memfd_create` syscall ourself instead of going through `libc`; 20 /// `memfd_create` isn't supported on `glibc<2.27` so this allows us to 21 /// support old-but-still-used distros like Ubuntu Xenial, Debian Stretch, 22 /// RHEL 7, etc. 23 /// 24 /// See: https://github.com/tokio-rs/tracing/issues/1879 memfd_create_syscall(flags: c_uint) -> c_int25fn memfd_create_syscall(flags: c_uint) -> c_int { 26 unsafe { 27 syscall( 28 SYS_memfd_create, 29 "tracing-journald\0".as_ptr() as *const c_char, 30 flags, 31 ) as c_int 32 } 33 } 34 create_sealable() -> Result<File>35pub fn create_sealable() -> Result<File> { 36 create(MFD_ALLOW_SEALING | MFD_CLOEXEC) 37 } 38 seal_fully(fd: RawFd) -> Result<()>39pub fn seal_fully(fd: RawFd) -> Result<()> { 40 let all_seals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL; 41 let result = unsafe { fcntl(fd, F_ADD_SEALS, all_seals) }; 42 if result < 0 { 43 Err(Error::last_os_error()) 44 } else { 45 Ok(()) 46 } 47 } 48