diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c index 92b84f95a6..0ae9a4f777 100644 --- a/src/basic/memfd-util.c +++ b/src/basic/memfd-util.c @@ -177,6 +177,9 @@ int memfd_new_and_seal(const char *name, const void *data, size_t sz) { assert(data || sz == 0); + if (sz == SIZE_MAX) + sz = strlen(data); + fd = memfd_new(name); if (fd < 0) return fd; diff --git a/src/basic/memfd-util.h b/src/basic/memfd-util.h index 9b2103e0ce..020dccb4f6 100644 --- a/src/basic/memfd-util.h +++ b/src/basic/memfd-util.h @@ -11,6 +11,9 @@ int memfd_create_wrapper(const char *name, unsigned mode); int memfd_new(const char *name); int memfd_new_and_map(const char *name, size_t sz, void **p); int memfd_new_and_seal(const char *name, const void *data, size_t sz); +static inline int memfd_new_and_seal_string(const char *name, const char *s) { + return memfd_new_and_seal(name, s, SIZE_MAX); +} int memfd_add_seals(int fd, unsigned int seals); int memfd_get_seals(int fd, unsigned int *ret_seals); diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 20b05446b6..4e9ea8ac27 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -14,7 +14,6 @@ #include "bus-util.h" #include "chase.h" #include "confidential-virt.h" -#include "data-fd-util.h" #include "dbus-cgroup.h" #include "dbus-execute.h" #include "dbus-job.h" @@ -33,6 +32,7 @@ #include "locale-util.h" #include "log.h" #include "manager-dump.h" +#include "memfd-util.h" #include "os-util.h" #include "parse-util.h" #include "path-util.h" @@ -1447,7 +1447,7 @@ static int method_dump(sd_bus_message *message, void *userdata, sd_bus_error *er static int reply_dump_by_fd(sd_bus_message *message, char *dump) { _cleanup_close_ int fd = -EBADF; - fd = acquire_data_fd(dump); + fd = memfd_new_and_seal_string("dump", dump); if (fd < 0) return fd; diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 142c539d45..ff616813f6 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -31,7 +31,6 @@ #include "chattr-util.h" #include "chown-recursive.h" #include "copy.h" -#include "data-fd-util.h" #include "env-util.h" #include "escape.h" #include "exec-credential.h" @@ -44,6 +43,7 @@ #include "io-util.h" #include "iovec-util.h" #include "journal-send.h" +#include "memfd-util.h" #include "missing_ioprio.h" #include "missing_prctl.h" #include "missing_sched.h" @@ -406,7 +406,7 @@ static int setup_input( case EXEC_INPUT_DATA: { int fd; - fd = acquire_data_fd_full(context->stdin_data, context->stdin_data_size, /* flags = */ 0); + fd = memfd_new_and_seal("exec-input", context->stdin_data, context->stdin_data_size); if (fd < 0) return fd; diff --git a/src/home/homed-home.c b/src/home/homed-home.c index 32691e4f81..751b197be8 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -13,7 +13,6 @@ #include "build-path.h" #include "bus-common-errors.h" #include "bus-locator.h" -#include "data-fd-util.h" #include "env-util.h" #include "errno-list.h" #include "errno-util.h" @@ -1266,7 +1265,7 @@ static int home_start_work( if (r < 0) return r; - stdin_fd = acquire_data_fd(formatted); + stdin_fd = memfd_new_and_seal_string("request", formatted); if (stdin_fd < 0) return stdin_fd; diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c index edc9a4b274..f665c75d7f 100644 --- a/src/home/homework-cifs.c +++ b/src/home/homework-cifs.c @@ -5,7 +5,6 @@ #include #endif -#include "data-fd-util.h" #include "dirent-util.h" #include "fd-util.h" #include "fileio.h" @@ -13,6 +12,7 @@ #include "fs-util.h" #include "homework-cifs.h" #include "homework-mount.h" +#include "memfd-util.h" #include "mkdir.h" #include "mount-util.h" #include "process-util.h" @@ -76,7 +76,7 @@ int home_setup_cifs( pid_t mount_pid; int exit_status; - passwd_fd = acquire_data_fd(*pw); + passwd_fd = memfd_new_and_seal_string("cifspw", *pw); if (passwd_fd < 0) return log_error_errno(passwd_fd, "Failed to create data FD for password: %m"); diff --git a/src/network/networkd-serialize.c b/src/network/networkd-serialize.c index 26a38bd4dd..6e9536e182 100644 --- a/src/network/networkd-serialize.c +++ b/src/network/networkd-serialize.c @@ -2,11 +2,11 @@ #include "af-list.h" #include "daemon-util.h" -#include "data-fd-util.h" #include "fd-util.h" #include "fileio.h" #include "iovec-util.h" #include "json-util.h" +#include "memfd-util.h" #include "networkd-address.h" #include "networkd-json.h" #include "networkd-link.h" @@ -69,7 +69,7 @@ int manager_serialize(Manager *manager) { return r; _cleanup_close_ int fd = -EBADF; - fd = acquire_data_fd(dump); + fd = memfd_new_and_seal_string("serialization", dump); if (fd < 0) return fd; diff --git a/src/oom/oomd-manager-bus.c b/src/oom/oomd-manager-bus.c index 7d2edb5561..77bd31e4e7 100644 --- a/src/oom/oomd-manager-bus.c +++ b/src/oom/oomd-manager-bus.c @@ -4,8 +4,8 @@ #include "bus-common-errors.h" #include "bus-polkit.h" -#include "data-fd-util.h" #include "fd-util.h" +#include "memfd-util.h" #include "oomd-manager-bus.h" #include "oomd-manager.h" #include "user-util.h" @@ -22,7 +22,7 @@ static int bus_method_dump_by_fd(sd_bus_message *message, void *userdata, sd_bus if (r < 0) return r; - fd = acquire_data_fd(dump); + fd = memfd_new_and_seal_string("oomd-dump", dump); if (fd < 0) return fd; diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 8313dfdd14..bfb1f52c7f 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -21,10 +21,10 @@ #include "capsule-util.h" #include "chase.h" #include "daemon-util.h" -#include "data-fd-util.h" #include "env-util.h" #include "fd-util.h" #include "format-util.h" +#include "memfd-util.h" #include "memstream-util.h" #include "path-util.h" #include "socket-util.h" @@ -803,7 +803,7 @@ static int method_dump_memory_state_by_fd(sd_bus_message *message, void *userdat if (r < 0) return r; - fd = acquire_data_fd_full(dump, dump_size, /* flags = */ 0); + fd = memfd_new_and_seal("malloc-info", dump, dump_size); if (fd < 0) return fd; diff --git a/src/shared/data-fd-util.c b/src/shared/data-fd-util.c index adc7d7417e..b948ab6cc4 100644 --- a/src/shared/data-fd-util.c +++ b/src/shared/data-fd-util.c @@ -19,137 +19,12 @@ #include "missing_syscall.h" #include "tmpfile-util.h" -/* When the data is smaller or equal to 64K, try to place the copy in a memfd/pipe */ +/* When the data is smaller or equal to 64K, try to place the copy in a memfd */ #define DATA_FD_MEMORY_LIMIT (64U * U64_KB) -/* If memfd/pipe didn't work out, then let's use a file in /tmp up to a size of 1M. If it's large than that use /var/tmp instead. */ +/* If memfd didn't work out, then let's use a file in /tmp up to a size of 1M. If it's large than that use /var/tmp/ instead. */ #define DATA_FD_TMP_LIMIT (1U * U64_MB) -int acquire_data_fd_full(const void *data, size_t size, DataFDFlags flags) { - _cleanup_close_ int fd = -EBADF; - ssize_t n; - int r; - - assert(data || size == 0); - - /* Acquire a read-only file descriptor that when read from returns the specified data. This is much more - * complex than I wish it was. But here's why: - * - * a) First we try to use memfds. They are the best option, as we can seal them nicely to make them - * read-only. Unfortunately they require kernel 3.17, and – at the time of writing – we still support 3.14. - * - * b) Then, we try classic pipes. They are the second best options, as we can close the writing side, retaining - * a nicely read-only fd in the reading side. However, they are by default quite small, and unprivileged - * clients can only bump their size to a system-wide limit, which might be quite low. - * - * c) Then, we try an O_TMPFILE file in /dev/shm (that dir is the only suitable one known to exist from - * earliest boot on). To make it read-only we open the fd a second time with O_RDONLY via - * /proc/self/. Unfortunately O_TMPFILE is not available on older kernels on tmpfs. - * - * d) Finally, we try creating a regular file in /dev/shm, which we then delete. - * - * It sucks a bit that depending on the situation we return very different objects here, but that's Linux I - * figure. */ - - if (size == SIZE_MAX) - size = strlen(data); - - if (size == 0 && !FLAGS_SET(flags, ACQUIRE_NO_DEV_NULL)) - /* As a special case, return /dev/null if we have been called for an empty data block */ - return RET_NERRNO(open("/dev/null", O_RDONLY|O_CLOEXEC|O_NOCTTY)); - - if (!FLAGS_SET(flags, ACQUIRE_NO_MEMFD)) { - fd = memfd_new_and_seal("data-fd", data, size); - if (fd < 0 && !ERRNO_IS_NOT_SUPPORTED(fd)) - return fd; - if (fd >= 0) - return TAKE_FD(fd); - } - - if (!FLAGS_SET(flags, ACQUIRE_NO_PIPE)) { - _cleanup_close_pair_ int pipefds[2] = EBADF_PAIR; - int isz; - - if (pipe2(pipefds, O_CLOEXEC|O_NONBLOCK) < 0) - return -errno; - - isz = fcntl(pipefds[1], F_GETPIPE_SZ, 0); - if (isz < 0) - return -errno; - - if ((size_t) isz < size) { - isz = (int) size; - if (isz < 0 || (size_t) isz != size) - return -E2BIG; - - /* Try to bump the pipe size */ - (void) fcntl(pipefds[1], F_SETPIPE_SZ, isz); - - /* See if that worked */ - isz = fcntl(pipefds[1], F_GETPIPE_SZ, 0); - if (isz < 0) - return -errno; - - if ((size_t) isz < size) - goto try_dev_shm; - } - - n = write(pipefds[1], data, size); - if (n < 0) - return -errno; - if ((size_t) n != size) - return -EIO; - - (void) fd_nonblock(pipefds[0], false); - - return TAKE_FD(pipefds[0]); - } - -try_dev_shm: - if (!FLAGS_SET(flags, ACQUIRE_NO_TMPFILE)) { - fd = open("/dev/shm", O_RDWR|O_TMPFILE|O_CLOEXEC, 0500); - if (fd < 0) - goto try_dev_shm_without_o_tmpfile; - - n = write(fd, data, size); - if (n < 0) - return -errno; - if ((size_t) n != size) - return -EIO; - - /* Let's reopen the thing, in order to get an O_RDONLY fd for the original O_RDWR one */ - return fd_reopen(fd, O_RDONLY|O_CLOEXEC); - } - -try_dev_shm_without_o_tmpfile: - if (!FLAGS_SET(flags, ACQUIRE_NO_REGULAR)) { - char pattern[] = "/dev/shm/data-fd-XXXXXX"; - - fd = mkostemp_safe(pattern); - if (fd < 0) - return fd; - - n = write(fd, data, size); - if (n < 0) { - r = -errno; - goto unlink_and_return; - } - if ((size_t) n != size) { - r = -EIO; - goto unlink_and_return; - } - - /* Let's reopen the thing, in order to get an O_RDONLY fd for the original O_RDWR one */ - r = fd_reopen(fd, O_RDONLY|O_CLOEXEC); - - unlink_and_return: - (void) unlink(pattern); - return r; - } - - return -EOPNOTSUPP; -} - int copy_data_fd(int fd) { _cleanup_close_ int copy_fd = -EBADF, tmp_fd = -EBADF; _cleanup_free_ void *remains = NULL; @@ -158,11 +33,11 @@ int copy_data_fd(int fd) { struct stat st; int r; - /* Creates a 'data' fd from the specified source fd, containing all the same data in a read-only fashion, but - * independent of it (i.e. the source fd can be closed and unmounted after this call succeeded). Tries to be - * somewhat smart about where to place the data. In the best case uses a memfd(). If memfd() are not supported - * uses a pipe instead. For larger data will use an unlinked file in /tmp, and for even larger data one in - * /var/tmp. */ + /* Creates a 'data' fd from the specified source fd, containing all the same data in a read-only + * fashion, but independent of it (i.e. the source fd can be closed and unmounted after this call + * succeeded). Tries to be somewhat smart about where to place the data. In the best case uses a + * memfd(). For larger data will use an unlinked file in /tmp/, and for even larger data one in + * /var/tmp/. */ if (fstat(fd, &st) < 0) return -errno; @@ -175,96 +50,49 @@ int copy_data_fd(int fd) { if (!S_ISREG(st.st_mode) && !S_ISSOCK(st.st_mode) && !S_ISFIFO(st.st_mode) && !S_ISCHR(st.st_mode)) return -EBADFD; - /* If we have reason to believe the data is bounded in size, then let's use memfds or pipes as backing fd. Note - * that we use the reported regular file size only as a hint, given that there are plenty special files in - * /proc and /sys which report a zero file size but can be read from. */ + /* If we have reason to believe the data is bounded in size, then let's use memfds as backing + * fd. Note that we use the reported regular file size only as a hint, given that there are plenty + * special files in /proc/ and /sys/ which report a zero file size but can be read from. */ if (!S_ISREG(st.st_mode) || (uint64_t) st.st_size < DATA_FD_MEMORY_LIMIT) { /* Try a memfd first */ copy_fd = memfd_new("data-fd"); - if (copy_fd >= 0) { - off_t f; + if (copy_fd < 0) + return copy_fd; - r = copy_bytes(fd, copy_fd, DATA_FD_MEMORY_LIMIT, 0); + r = copy_bytes(fd, copy_fd, DATA_FD_MEMORY_LIMIT, COPY_REFLINK); + if (r < 0) + return r; + + off_t f = lseek(copy_fd, 0, SEEK_SET); + if (f < 0) + return -errno; + if (f != 0) + return -EIO; + + if (r == 0) { + /* Did it fit into the limit? If so, we are done. */ + r = memfd_set_sealed(copy_fd); if (r < 0) return r; - f = lseek(copy_fd, 0, SEEK_SET); - if (f != 0) - return -errno; - - if (r == 0) { - /* Did it fit into the limit? If so, we are done. */ - r = memfd_set_sealed(copy_fd); - if (r < 0) - return r; - - return TAKE_FD(copy_fd); - } - - /* Hmm, pity, this didn't fit. Let's fall back to /tmp then, see below */ - - } else { - _cleanup_close_pair_ int pipefds[2] = EBADF_PAIR; - int isz; - - /* If memfds aren't available, use a pipe. Set O_NONBLOCK so that we will get EAGAIN rather - * then block indefinitely when we hit the pipe size limit */ - - if (pipe2(pipefds, O_CLOEXEC|O_NONBLOCK) < 0) - return -errno; - - isz = fcntl(pipefds[1], F_GETPIPE_SZ, 0); - if (isz < 0) - return -errno; - - /* Try to enlarge the pipe size if necessary */ - if ((size_t) isz < DATA_FD_MEMORY_LIMIT) { - - (void) fcntl(pipefds[1], F_SETPIPE_SZ, DATA_FD_MEMORY_LIMIT); - - isz = fcntl(pipefds[1], F_GETPIPE_SZ, 0); - if (isz < 0) - return -errno; - } - - if ((size_t) isz >= DATA_FD_MEMORY_LIMIT) { - - r = copy_bytes_full(fd, pipefds[1], DATA_FD_MEMORY_LIMIT, 0, &remains, &remains_size, NULL, NULL); - if (r < 0 && r != -EAGAIN) - return r; /* If we get EAGAIN it could be because of the source or because of - * the destination fd, we can't know, as sendfile() and friends won't - * tell us. Hence, treat this as reason to fall back, just to be - * sure. */ - if (r == 0) { - /* Everything fit in, yay! */ - (void) fd_nonblock(pipefds[0], false); - - return TAKE_FD(pipefds[0]); - } - - /* Things didn't fit in. But we read data into the pipe, let's remember that, so that - * when writing the new file we incorporate this first. */ - copy_fd = TAKE_FD(pipefds[0]); - } + return TAKE_FD(copy_fd); } } /* If we have reason to believe this will fit fine in /tmp, then use that as first fallback. */ if ((!S_ISREG(st.st_mode) || (uint64_t) st.st_size < DATA_FD_TMP_LIMIT) && (DATA_FD_MEMORY_LIMIT + remains_size) < DATA_FD_TMP_LIMIT) { - off_t f; - tmp_fd = open_tmpfile_unlinkable(NULL /* NULL as directory means /tmp */, O_RDWR|O_CLOEXEC); if (tmp_fd < 0) return tmp_fd; if (copy_fd >= 0) { - /* If we tried a memfd/pipe first and it ended up being too large, then copy this into the + /* If we tried a memfd first and it ended up being too large, then copy this into the * temporary file first. */ - r = copy_bytes(copy_fd, tmp_fd, UINT64_MAX, 0); + r = copy_bytes(copy_fd, tmp_fd, UINT64_MAX, COPY_REFLINK); if (r < 0) return r; @@ -287,9 +115,11 @@ int copy_data_fd(int fd) { goto finish; /* Yay, it fit in */ /* It didn't fit in. Let's not forget to use what we already used */ - f = lseek(tmp_fd, 0, SEEK_SET); - if (f != 0) + off_t f = lseek(tmp_fd, 0, SEEK_SET); + if (f < 0) return -errno; + if (f != 0) + return -EIO; close_and_replace(copy_fd, tmp_fd); @@ -297,7 +127,7 @@ int copy_data_fd(int fd) { remains_size = 0; } - /* As last fallback use /var/tmp */ + /* As last fallback use /var/tmp/ */ r = var_tmp_dir(&td); if (r < 0) return r; @@ -307,7 +137,7 @@ int copy_data_fd(int fd) { return tmp_fd; if (copy_fd >= 0) { - /* If we tried a memfd/pipe first, or a file in /tmp, and it ended up being too large, than copy this + /* If we tried a memfd first, or a file in /tmp/, and it ended up being too large, than copy this * into the temporary file first. */ r = copy_bytes(copy_fd, tmp_fd, UINT64_MAX, COPY_REFLINK); if (r < 0) diff --git a/src/shared/data-fd-util.h b/src/shared/data-fd-util.h index d77e09fb06..db03fba251 100644 --- a/src/shared/data-fd-util.h +++ b/src/shared/data-fd-util.h @@ -4,18 +4,5 @@ #include #include -typedef enum DataFDFlags { - ACQUIRE_NO_DEV_NULL = 1 << 0, - ACQUIRE_NO_MEMFD = 1 << 1, - ACQUIRE_NO_PIPE = 1 << 2, - ACQUIRE_NO_TMPFILE = 1 << 3, - ACQUIRE_NO_REGULAR = 1 << 4, -} DataFDFlags; - -int acquire_data_fd_full(const void *data, size_t size, DataFDFlags flags); -static inline int acquire_data_fd(const void *data) { - return acquire_data_fd_full(data, SIZE_MAX, 0); -} - int copy_data_fd(int fd); int memfd_clone_fd(int fd, const char *name, int mode); diff --git a/src/test/test-data-fd-util.c b/src/test/test-data-fd-util.c index 4abd7a6519..bdbceee171 100644 --- a/src/test/test-data-fd-util.c +++ b/src/test/test-data-fd-util.c @@ -7,57 +7,11 @@ #include "data-fd-util.h" #include "fd-util.h" +#include "memfd-util.h" #include "memory-util.h" #include "process-util.h" -#include "tests.h" #include "random-util.h" - -static void test_acquire_data_fd_one(unsigned flags) { - char wbuffer[196*1024 - 7]; - char rbuffer[sizeof(wbuffer)]; - int fd; - - fd = acquire_data_fd_full("foo", 3, flags); - assert_se(fd >= 0); - - zero(rbuffer); - assert_se(read(fd, rbuffer, sizeof(rbuffer)) == 3); - ASSERT_STREQ(rbuffer, "foo"); - - fd = safe_close(fd); - - fd = acquire_data_fd_full("", SIZE_MAX, flags); - assert_se(fd >= 0); - - zero(rbuffer); - assert_se(read(fd, rbuffer, sizeof(rbuffer)) == 0); - ASSERT_STREQ(rbuffer, ""); - - fd = safe_close(fd); - - random_bytes(wbuffer, sizeof(wbuffer)); - - fd = acquire_data_fd_full(wbuffer, sizeof(wbuffer), flags); - assert_se(fd >= 0); - - zero(rbuffer); - assert_se(read(fd, rbuffer, sizeof(rbuffer)) == sizeof(rbuffer)); - assert_se(memcmp(rbuffer, wbuffer, sizeof(rbuffer)) == 0); - - fd = safe_close(fd); -} - -TEST(acquire_data_fd) { - test_acquire_data_fd_one(0); - test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL); - test_acquire_data_fd_one(ACQUIRE_NO_MEMFD); - test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD); - test_acquire_data_fd_one(ACQUIRE_NO_PIPE); - test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_PIPE); - test_acquire_data_fd_one(ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE); - test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE); - test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE|ACQUIRE_NO_TMPFILE); -} +#include "tests.h" static void assert_equal_fd(int fd1, int fd2) { for (;;) { @@ -98,14 +52,14 @@ TEST(copy_data_fd) { fd1 = safe_close(fd1); fd2 = safe_close(fd2); - fd1 = acquire_data_fd("hallo"); + fd1 = memfd_new_and_seal_string("data", "hallo"); assert_se(fd1 >= 0); fd2 = copy_data_fd(fd1); assert_se(fd2 >= 0); safe_close(fd1); - fd1 = acquire_data_fd("hallo"); + fd1 = memfd_new_and_seal_string("data", "hallo"); assert_se(fd1 >= 0); assert_equal_fd(fd1, fd2); diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c index a359efa052..a0d0bc731a 100644 --- a/src/test/test-fd-util.c +++ b/src/test/test-fd-util.c @@ -6,11 +6,11 @@ #include #include "alloc-util.h" -#include "data-fd-util.h" #include "fd-util.h" #include "fileio.h" #include "fs-util.h" #include "macro.h" +#include "memfd-util.h" #include "memory-util.h" #include "missing_syscall.h" #include "mkdir.h" @@ -203,7 +203,7 @@ TEST(rearrange_stdio) { assert_se(pipe_read_fd >= 3); assert_se(open("/dev/full", O_WRONLY|O_CLOEXEC) == 0); - assert_se(acquire_data_fd("foobar") == 2); + assert_se(memfd_new_and_seal_string("data", "foobar") == 2); assert_se(rearrange_stdio(2, 0, 1) >= 0); diff --git a/src/test/test-varlink.c b/src/test/test-varlink.c index bd1d940585..fe54ec08a5 100644 --- a/src/test/test-varlink.c +++ b/src/test/test-varlink.c @@ -8,9 +8,9 @@ #include "sd-json.h" #include "sd-varlink.h" -#include "data-fd-util.h" #include "fd-util.h" #include "json-util.h" +#include "memfd-util.h" #include "rm-rf.h" #include "strv.h" #include "tests.h" @@ -134,8 +134,8 @@ static int method_passfd(sd_varlink *link, sd_json_variant *parameters, sd_varli test_fd(yy, "bar", 3); test_fd(zz, "quux", 4); - _cleanup_close_ int vv = acquire_data_fd("miau"); - _cleanup_close_ int ww = acquire_data_fd("wuff"); + _cleanup_close_ int vv = memfd_new_and_seal_string("data", "miau"); + _cleanup_close_ int ww = memfd_new_and_seal_string("data", "wuff"); assert_se(vv >= 0); assert_se(ww >= 0); @@ -284,9 +284,9 @@ static void *thread(void *arg) { assert_se(sd_json_variant_integer(sd_json_variant_by_key(o, "sum")) == 88 + 99); assert_se(!e); - int fd1 = acquire_data_fd("foo"); - int fd2 = acquire_data_fd("bar"); - int fd3 = acquire_data_fd("quux"); + int fd1 = memfd_new_and_seal_string("data", "foo"); + int fd2 = memfd_new_and_seal_string("data", "bar"); + int fd3 = memfd_new_and_seal_string("data", "quux"); assert_se(fd1 >= 0); assert_se(fd2 >= 0);