We need to map sealed files as MAP_PRIVATE so far as the kernel treats
MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any
time on those). However, unsealed files must be mapped as MAP_SHARED.
Otherwise, we never end up writing to the real file.
if (sealed < 0)
return sealed;
- q = mmap(NULL, size, sealed ? PROT_READ : PROT_READ|PROT_WRITE, MAP_PRIVATE, m->fd, offset);
+ if (sealed)
+ q = mmap(NULL, size, PROT_READ, MAP_PRIVATE, m->fd, offset);
+ else
+ q = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, m->fd, offset);
+
if (q == MAP_FAILED)
return -errno;