shm: use MFD_NOEXEC_SEAL for shared memory

ref: https://lore.kernel.org/lkml/20221207154939.2532830-4-jeffxu@google.com/

The new MFD_NOEXEC_SEAL and MFD_EXEC flags allows application to
set executable bit at creation time (memfd_create).

When MFD_NOEXEC_SEAL is set, memfd is created without executable bit
(mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to
be executable (mode: 0777) after creation.

when MFD_EXEC flag is set, memfd is created with executable bit
(mode:0777), this is the same as the old behavior of memfd_create.

Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/792>

2 files changed, 5 insertions, 1 deletions

diff --git a/src/pulsecore/memfd-wrappers.h b/src/pulsecore/memfd-wrappers.h
index c7aadfd3c..4708751ad 100644
--- a/src/pulsecore/memfd-wrappers.h
+++ b/src/pulsecore/memfd-wrappers.h
@@ -66,4 +66,8 @@ static inline int memfd_create(const char *name, unsigned int flags) {
 
 #endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */
 
+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL   0x0008U
+#endif
+
 #endif
diff --git a/src/pulsecore/shm.c b/src/pulsecore/shm.c
index ff54dcb59..4247b0921 100644
--- a/src/pulsecore/shm.c
+++ b/src/pulsecore/shm.c
@@ -164,7 +164,7 @@ static int sharedmem_create(pa_shm *m, pa_mem_type_t type, size_t size, mode_t m
 #endif
 #ifdef HAVE_MEMFD
     case PA_MEM_TYPE_SHARED_MEMFD:
-        fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC);
+        fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC|MFD_NOEXEC_SEAL);
         break;
 #endif
     default: