1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef LINUX_PID_SYSCTL_H
3 #define LINUX_PID_SYSCTL_H
5 #include <linux/pid_namespace.h>
7 #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
8 static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns)
10 ns->memfd_noexec_scope =
11 task_active_pid_ns(current)->memfd_noexec_scope;
14 static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table,
15 int write, void *buf, size_t *lenp, loff_t *ppos)
17 struct pid_namespace *ns = task_active_pid_ns(current);
18 struct ctl_table table_copy;
20 if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
24 if (ns != &init_pid_ns)
25 table_copy.data = &ns->memfd_noexec_scope;
28 * set minimum to current value, the effect is only bigger
31 if (*(int *)table_copy.data > *(int *)table_copy.extra1)
32 table_copy.extra1 = table_copy.data;
34 return proc_dointvec_minmax(&table_copy, write, buf, lenp, ppos);
37 static struct ctl_table pid_ns_ctl_table_vm[] = {
39 .procname = "memfd_noexec",
40 .data = &init_pid_ns.memfd_noexec_scope,
41 .maxlen = sizeof(init_pid_ns.memfd_noexec_scope),
43 .proc_handler = pid_mfd_noexec_dointvec_minmax,
44 .extra1 = SYSCTL_ZERO,
49 static inline void register_pid_ns_sysctl_table_vm(void)
51 register_sysctl("vm", pid_ns_ctl_table_vm);
54 static inline void initialize_memfd_noexec_scope(struct pid_namespace *ns) {}
55 static inline void set_memfd_noexec_scope(struct pid_namespace *ns) {}
56 static inline void register_pid_ns_sysctl_table_vm(void) {}
59 #endif /* LINUX_PID_SYSCTL_H */
projects / linux.git / blob