€•8M      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ,/translations/zh_CN/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/zh_TW/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/it_IT/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ja_JP/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ko_KR/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/pt_BR/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/sp_SP/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³ŒF/var/lib/git/docbuild/linux/Documentation/userspace-api/mfd_noexec.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Introduction of non-executable mfd”h]”hŒ"Introduction of non-executable mfd”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ
field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hhéh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hçhhäh³hÇh´K ubhŒ
field_body”“”)”}”(hŒEDaniel Verkamp <dverkamp@chromium.org>
Jeff Xu <jeffxu@chromium.org>
”h]”hŒ	paragraph”“”)”}”(hŒDDaniel Verkamp <dverkamp@chromium.org>
Jeff Xu <jeffxu@chromium.org>”h]”(hŒDaniel Verkamp <”…””}”(hhÿh²hh³Nh´NubhŒ	reference”“”)”}”(hŒdverkamp@chromium.org”h]”hŒdverkamp@chromium.org”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:dverkamp@chromium.org”uh1j  hhÿubhŒ>
Jeff Xu <”…””}”(hhÿh²hh³Nh´Nubj  )”}”(hŒjeffxu@chromium.org”h]”hŒjeffxu@chromium.org”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:jeffxu@chromium.org”uh1j  hhÿubhŒ>”…””}”(hhÿh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´Khhùubah}”(h]”h ]”h"]”h$]”h&]”uh1h÷hhäubeh}”(h]”h ]”h"]”h$]”h&]”uh1hâh³hÇh´Khhßh²hubhã)”}”(hhh]”(hè)”}”(hŒContributor”h]”hŒContributor”…””}”(hjF  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hçhjC  h³hÇh´K ubhø)”}”(hŒ!Aleksa Sarai <cyphar@cyphar.com>
”h]”hþ)”}”(hŒ Aleksa Sarai <cyphar@cyphar.com>”h]”(hŒAleksa Sarai <”…””}”(hjX  h²hh³Nh´Nubj  )”}”(hŒcyphar@cyphar.com”h]”hŒcyphar@cyphar.com”…””}”(hj`  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:cyphar@cyphar.com”uh1j  hjX  ubhŒ>”…””}”(hjX  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KhjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h÷hjC  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hâh³hÇh´K
hhßh²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝhhÊh²hh³hÇh´Kubhþ)”}”(hŒœSince Linux introduced the memfd feature, memfds have always had their
execute bit set, and the memfd_create() syscall doesn't allow setting
it differently.”h]”hŒžSince Linux introduced the memfd feature, memfds have always had their
execute bit set, and the memfd_create() syscall doesnâ€™t allow setting
it differently.”…””}”(hjŒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KhhÊh²hubhþ)”}”(hXÞ  However, in a secure-by-default system, such as ChromeOS, (where all
executables should come from the rootfs, which is protected by verified
boot), this executable nature of memfd opens a door for NoExec bypass
and enables â€œconfused deputy attackâ€.  E.g, in VRP bug [1]: cros_vm
process created a memfd to share the content with an external process,
however the memfd is overwritten and used for executing arbitrary code
and root escalation. [2] lists more VRP of this kind.”h]”hXÞ  However, in a secure-by-default system, such as ChromeOS, (where all
executables should come from the rootfs, which is protected by verified
boot), this executable nature of memfd opens a door for NoExec bypass
and enables â€œconfused deputy attackâ€.  E.g, in VRP bug [1]: cros_vm
process created a memfd to share the content with an external process,
however the memfd is overwritten and used for executing arbitrary code
and root escalation. [2] lists more VRP of this kind.”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KhhÊh²hubhþ)”}”(hX
  On the other hand, executable memfd has its legit use: runc uses memfdâ€™s
seal and executable feature to copy the contents of the binary then
execute them. For such a system, we need a solution to differentiate runc's
use of executable memfds and an attacker's [3].”h]”hX  On the other hand, executable memfd has its legit use: runc uses memfdâ€™s
seal and executable feature to copy the contents of the binary then
execute them. For such a system, we need a solution to differentiate runcâ€™s
use of executable memfds and an attackerâ€™s [3].”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KhhÊh²hubhŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒûTo address those above:
- Let memfd_create() set X bit at creation time.
- Let memfd be sealed for modifying X bit when NX is set.
- Add a new pid namespace sysctl: vm.memfd_noexec to help applications in
  migrating and enforcing non-executable MFD.
”h]”(hŒterm”“”)”}”(hŒTo address those above:”h]”hŒTo address those above:”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´K"hj½  ubhŒ
definition”“”)”}”(hhh]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ.Let memfd_create() set X bit at creation time.”h]”hþ)”}”(hjß  h]”hŒ.Let memfd_create() set X bit at creation time.”…””}”(hjá  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KhjÝ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hjØ  ubjÜ  )”}”(hŒ7Let memfd be sealed for modifying X bit when NX is set.”h]”hþ)”}”(hjö  h]”hŒ7Let memfd be sealed for modifying X bit when NX is set.”…””}”(hjø  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K hjô  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hjØ  ubjÜ  )”}”(hŒtAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.
”h]”hþ)”}”(hŒsAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.”h]”hŒsAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K!hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hjØ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jÖ  h³hÇh´KhjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hj½  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´K"hj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¶  hhÊh²hh³Nh´NubhÉ)”}”(hhh]”(hÎ)”}”(hŒUser API”h]”hŒUser API”…””}”(hj@  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj=  h²hh³hÇh´K%ubhþ)”}”(hŒ:``int memfd_create(const char *name, unsigned int flags)``”h]”hŒliteral”“”)”}”(hjP  h]”hŒ6int memfd_create(const char *name, unsigned int flags)”…””}”(hjT  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hjN  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K&hj=  h²hubj·  )”}”(hhh]”(j¼  )”}”(hX  ``MFD_NOEXEC_SEAL``
When MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created
with NX. F_SEAL_EXEC is set and the memfd can't be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.
”h]”(jÂ  )”}”(hŒ``MFD_NOEXEC_SEAL``”h]”jS  )”}”(hjp  h]”hŒMFD_NOEXEC_SEAL”…””}”(hjr  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´K,hjj  ubjÒ  )”}”(hhh]”hþ)”}”(hŒðWhen MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created
with NX. F_SEAL_EXEC is set and the memfd can't be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.”h]”(hŒ'When MFD_NOEXEC_SEAL bit is set in the ”…””}”(hjˆ  h²hh³Nh´NubjS  )”}”(hŒ	``flags``”h]”hŒflags”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hjˆ  ubhŒÂ, memfd is created
with NX. F_SEAL_EXEC is set and the memfd canâ€™t be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.”…””}”(hjˆ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K)hj…  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hjj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´K,hjg  ubj¼  )”}”(hŒQ``MFD_EXEC``
When MFD_EXEC bit is set in the ``flags``, memfd is created with X.
”h]”(jÂ  )”}”(hŒ``MFD_EXEC``”h]”jS  )”}”(hjº  h]”hŒMFD_EXEC”…””}”(hj¼  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´K/hj´  ubjÒ  )”}”(hhh]”hþ)”}”(hŒCWhen MFD_EXEC bit is set in the ``flags``, memfd is created with X.”h]”(hŒ When MFD_EXEC bit is set in the ”…””}”(hjÒ  h²hh³Nh´NubjS  )”}”(hŒ	``flags``”h]”hŒflags”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hjÒ  ubhŒ, memfd is created with X.”…””}”(hjÒ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K/hjÏ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hj´  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´K/hjg  h²hubj¼  )”}”(hŒ‹Note:
``MFD_NOEXEC_SEAL`` implies ``MFD_ALLOW_SEALING``. In case that
an app doesn't want sealing, it can add F_SEAL_SEAL after creation.

”h]”(jÂ  )”}”(hŒNote:”h]”hŒNote:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´K4hjþ  ubjÒ  )”}”(hhh]”hþ)”}”(hŒƒ``MFD_NOEXEC_SEAL`` implies ``MFD_ALLOW_SEALING``. In case that
an app doesn't want sealing, it can add F_SEAL_SEAL after creation.”h]”(jS  )”}”(hŒ``MFD_NOEXEC_SEAL``”h]”hŒMFD_NOEXEC_SEAL”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hj  ubhŒ	 implies ”…””}”(hj  h²hh³Nh´NubjS  )”}”(hŒ``MFD_ALLOW_SEALING``”h]”hŒMFD_ALLOW_SEALING”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hj  ubhŒT. In case that
an app doesnâ€™t want sealing, it can add F_SEAL_SEAL after creation.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K2hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hjþ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´K4hjg  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¶  hj=  h²hh³hÇh´Nubeh}”(h]”Œuser-api”ah ]”h"]”Œuser api”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K%ubhÉ)”}”(hhh]”(hÎ)”}”(hŒSysctl:”h]”hŒSysctl:”…””}”(hj^  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj[  h²hh³hÇh´K7ubhþ)”}”(hŒ)``pid namespaced sysctl vm.memfd_noexec``”h]”jS  )”}”(hjn  h]”hŒ%pid namespaced sysctl vm.memfd_noexec”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jR  hjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K8hj[  h²hubhþ)”}”(hŒ;The new pid namespaced sysctl vm.memfd_noexec has 3 values:”h]”hŒ;The new pid namespaced sysctl vm.memfd_noexec has 3 values:”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K:hj[  h²hubhŒblock_quote”“”)”}”(hXn  - 0: MEMFD_NOEXEC_SCOPE_EXEC
       memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
       MFD_EXEC was set.

- 1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
       memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
       MFD_NOEXEC_SEAL was set.

- 2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
       memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”j×  )”}”(hhh]”(jÜ  )”}”(hŒu0: MEMFD_NOEXEC_SCOPE_EXEC
     memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
     MFD_EXEC was set.
”h]”j·  )”}”(hhh]”j¼  )”}”(hŒk0: MEMFD_NOEXEC_SCOPE_EXEC
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.
”h]”(jÂ  )”}”(hŒ0: MEMFD_NOEXEC_SCOPE_EXEC”h]”hŒ0: MEMFD_NOEXEC_SCOPE_EXEC”…””}”(hj¥  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´K>hj¡  ubjÒ  )”}”(hhh]”hþ)”}”(hŒOmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.”h]”hŒOmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´K=hj³  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hj¡  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´K>hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¶  hjš  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hj—  ubjÜ  )”}”(hŒƒ1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
     memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
     MFD_NOEXEC_SEAL was set.
”h]”j·  )”}”(hhh]”j¼  )”}”(hŒy1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.
”h]”(jÂ  )”}”(hŒ!1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL”h]”hŒ!1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL”…””}”(hjç  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´KBhjã  ubjÒ  )”}”(hhh]”hþ)”}”(hŒVmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.”h]”hŒVmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.”…””}”(hjø  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KAhjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hjã  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´KBhjà  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¶  hjÜ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hj—  ubjÜ  )”}”(hŒd2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
     memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”j·  )”}”(hhh]”j¼  )”}”(hŒ_2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”(jÂ  )”}”(hŒ%2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED”h]”hŒ%2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÁ  h³hÇh´KEhj%  ubjÒ  )”}”(hhh]”hþ)”}”(hŒ8memfd_create() without MFD_NOEXEC_SEAL will be rejected.”h]”hŒ8memfd_create() without MFD_NOEXEC_SEAL will be rejected.”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KEhj7  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÑ  hj%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  h³hÇh´KEhj"  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¶  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÛ  hj—  ubeh}”(h]”h ]”h"]”h$]”h&]”j)  j*  uh1jÖ  h³hÇh´K<hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j‘  h³hÇh´K<hj[  h²hubhþ)”}”(hX  The sysctl allows finer control of memfd_create for old software that
doesn't set the executable bit; for example, a container with
vm.memfd_noexec=1 means the old software will create non-executable memfd
by default while new software can create executable memfd by setting
MFD_EXEC.”h]”hX  The sysctl allows finer control of memfd_create for old software that
doesnâ€™t set the executable bit; for example, a container with
vm.memfd_noexec=1 means the old software will create non-executable memfd
by default while new software can create executable memfd by setting
MFD_EXEC.”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KGhj[  h²hubhþ)”}”(hŒßThe value of vm.memfd_noexec is passed to child namespace at creation
time. In addition, the setting is hierarchical, i.e. during memfd_create,
we will search from current ns to root ns and use the most restrictive
setting.”h]”hŒßThe value of vm.memfd_noexec is passed to child namespace at creation
time. In addition, the setting is hierarchical, i.e. during memfd_create,
we will search from current ns to root ns and use the most restrictive
setting.”…””}”(hjz  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KMhj[  h²hubhþ)”}”(hŒ[1] https://crbug.com/1305267”h]”(hŒ[1] ”…””}”(hjˆ  h²hh³Nh´Nubj  )”}”(hŒhttps://crbug.com/1305267”h]”hŒhttps://crbug.com/1305267”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j’  uh1j  hjˆ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KRhj[  h²hubhþ)”}”(hŒe[2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”h]”(hŒ[2] ”…””}”(hj¥  h²hh³Nh´Nubj  )”}”(hŒahttps://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”h]”hŒahttps://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j¯  uh1j  hj¥  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KThj[  h²hubhþ)”}”(hŒ$[3] https://lwn.net/Articles/781013/”h]”(hŒ[3] ”…””}”(hjÂ  h²hh³Nh´Nubj  )”}”(hŒ https://lwn.net/Articles/781013/”h]”hŒ https://lwn.net/Articles/781013/”…””}”(hjÊ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÌ  uh1j  hjÂ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hýh³hÇh´KVhj[  h²hubeh}”(h]”Œsysctl”ah ]”h"]”Œsysctl:”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K7ubeh}”(h]”Œ"introduction-of-non-executable-mfd”ah ]”h"]”Œ"introduction of non-executable mfd”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jì  jé  jX  jU  jä  já  uŒ	nametypes”}”(jì  ‰jX  ‰jä  ‰uh}”(jé  hÊjU  j=  já  j[  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.