#include <string.h>
+#include <fcntl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
+
+#ifdef __linux__
+
+/* We want to support these features of Linux even when building GLib
+ * against older versions of system headers. This will allow us to
+ * 'automatically' start supporting a particular feature when GLib is
+ * used with a newer kernel, without recompile.
+ *
+ * This means that we're not changing functionality of GLib simply based
+ * on the set of headers we happen to compile against...
+ */
+
+#ifndef F_LINUX_SPECIFIC_BASE
+#define F_LINUX_SPECIFIC_BASE 1024
+#endif
+
+#ifndef F_ADD_SEALS
+#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
+#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
+
+#define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
+#define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
+#define F_SEAL_GROW 0x0004 /* prevent file from growing */
+#define F_SEAL_WRITE 0x0008 /* prevent writes */
+#endif
+
+#endif
+
/**
* SECTION:gunix
* @title: UNIX-specific utilities and integration
/**
* g_unix_open_pipe:
* @fds: Array of two integers
- * @flags: Bitfield of file descriptor flags, see "man 2 fcntl"
+ * @flags: Bitfield of file descriptor flags, as for fcntl()
* @error: a #GError
*
* Similar to the UNIX pipe() call, but on modern systems like Linux
* uses the pipe2() system call, which atomically creates a pipe with
- * the configured flags. The only supported flag currently is
- * <literal>FD_CLOEXEC</literal>. If for example you want to configure
- * <literal>O_NONBLOCK</literal>, that must still be done separately with
- * fcntl().
+ * the configured flags. The only supported flag currently is
+ * %FD_CLOEXEC. If for example you want to configure %O_NONBLOCK, that
+ * must still be done separately with fcntl().
*
- * <note>This function does *not* take <literal>O_CLOEXEC</literal>, it takes
- * <literal>FD_CLOEXEC</literal> as if for fcntl(); these are
- * different on Linux/glibc.</note>
+ * This function does not take %O_CLOEXEC, it takes %FD_CLOEXEC as if
+ * for fcntl(); these are different on Linux/glibc.
*
* Returns: %TRUE on success, %FALSE if not (and errno will be set).
*
* @error: a #GError
*
* Control the non-blocking state of the given file descriptor,
- * according to @nonblock. On most systems this uses <literal>O_NONBLOCK</literal>, but
- * on some older ones may use <literal>O_NDELAY</literal>.
+ * according to @nonblock. On most systems this uses %O_NONBLOCK, but
+ * on some older ones may use %O_NDELAY.
*
* Returns: %TRUE if successful
*
* @signum: A signal number
*
* Create a #GSource that will be dispatched upon delivery of the UNIX
- * signal @signum. In GLib versions before 2.36, only
- * <literal>SIGHUP</literal>, <literal>SIGINT</literal>,
- * <literal>SIGTERM</literal> can be monitored. In GLib 2.36,
- * <literal>SIGUSR1</literal> and <literal>SIGUSR2</literal> were
- * added.
+ * signal @signum. In GLib versions before 2.36, only `SIGHUP`, `SIGINT`,
+ * `SIGTERM` can be monitored. In GLib 2.36, `SIGUSR1` and `SIGUSR2`
+ * were added.
*
* Note that unlike the UNIX default, all sources which have created a
* watch will be dispatched, regardless of which underlying thread
* invoked g_unix_signal_source_new().
*
- * For example, an effective use of this function is to handle <literal>SIGTERM</literal>
+ * For example, an effective use of this function is to handle `SIGTERM`
* cleanly; flushing any outstanding files, and then calling
* g_main_loop_quit (). It is not safe to do any of this a regular
* UNIX signal handler; your handler may be invoked while malloc() or
{
return g_unix_fd_add_full (G_PRIORITY_DEFAULT, fd, condition, function, user_data, NULL);
}
+
+/**
+ * g_unix_fd_ensure_zero_copy_safe:
+ * @fd: a file descriptor
+ *
+ * Checks whether @fd can be use in zero-copy mode. On Linux, this checks that
+ * the descriptor is a memfd, created with memfd_create(), and tries to apply
+ * seals to it so that it can be safely consumed by another process. On other
+ * Unix systems, this function will fail.
+ *
+ * Returns: whether the fd is safe to use in zero-copy mode. Sealing of memfds
+ * is required for the @fd to be considered safe. If sealing fails, or
+ * memfds are not available, or the @fd is not a memfd, returns %FALSE
+ *
+ * Since: 2.44
+ **/
+gboolean
+g_unix_fd_ensure_zero_copy_safe (gint fd)
+{
+#ifdef F_GET_SEALS
+ gint seals;
+ const gint IMMUTABLE_SEALS = F_SEAL_WRITE |
+ F_SEAL_SHRINK |
+ F_SEAL_GROW |
+ F_SEAL_SEAL;
+
+ g_return_val_if_fail (fd >= 0, FALSE);
+
+ /* Seal the fd if possible (only on Linux 3.17+, and if the fd was created
+ * with memfd_create()). */
+ seals = fcntl (fd, F_GET_SEALS);
+ if (seals == -1)
+ {
+ g_debug ("Retrieving fd seals failed: %s", g_strerror (errno));
+ return FALSE;
+ }
+
+ /* Seal the fd, if it is not already. */
+ if ((seals & (IMMUTABLE_SEALS)) >= IMMUTABLE_SEALS)
+ {
+ g_debug ("%s", "fd already sealed");
+ }
+ else
+ {
+ gint error;
+
+ error = fcntl (fd, F_ADD_SEALS, IMMUTABLE_SEALS);
+ if (error == -1)
+ {
+ g_debug ("fd sealing failed: %s", g_strerror (errno));
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}