wayland: Seal memfd to prevent shrinking

ids1024 · ids1024 · commit 165a15e92c9c · 2023-01-06T07:52:59.000-08:00
I believe this should be possible wherever `memfd_create` is available.

Sealing isn't required, but Wayland doesn't allow a client to shrink an
shm pool, so there's no reason we should shrink the file. And if we mmap
the file, this prevents a `SIGBUS` if the compositor (incorrectly)
shrunk it.

So we might as well do this.
diff --git a/src/wayland/buffer.rs b/src/wayland/buffer.rs
@@ -16,11 +16,22 @@ use super::State;
 
 #[cfg(any(target_os = "linux", target_os = "freebsd"))]
 fn create_memfile() -> File {
-    use nix::sys::memfd::{memfd_create, MemFdCreateFlag};
+    use nix::{
+        fcntl::{fcntl, FcntlArg, SealFlag},
+        sys::memfd::{memfd_create, MemFdCreateFlag},
+    };
 
     let name = unsafe { CStr::from_bytes_with_nul_unchecked("softbuffer\0".as_bytes()) };
-    let fd = memfd_create(name, MemFdCreateFlag::MFD_CLOEXEC)
-        .expect("Failed to create memfd to store buffer.");
+    let fd = memfd_create(
+        name,
+        MemFdCreateFlag::MFD_CLOEXEC | MemFdCreateFlag::MFD_ALLOW_SEALING,
+    )
+    .expect("Failed to create memfd to store buffer.");
+    let _ = fcntl(
+        fd,
+        FcntlArg::F_ADD_SEALS(SealFlag::F_SEAL_SHRINK | SealFlag::F_SEAL_SEAL),
+    )
+    .expect("Failed to seal memfd.");
     unsafe { File::from_raw_fd(fd) }
 }
 
