€•<L      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ,/translations/zh_CN/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/zh_TW/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/it_IT/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ja_JP/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ko_KR/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/sp_SP/userspace-api/mfd_noexec”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒF/var/lib/git/docbuild/linux/Documentation/userspace-api/mfd_noexec.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Introduction of non-executable mfd”h]”hŒ"Introduction of non-executable mfd”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ
field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hhÕhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÓhhÐhŸh³h K ubhŒ
field_body”“”)”}”(hŒEDaniel Verkamp <dverkamp@chromium.org>
Jeff Xu <jeffxu@chromium.org>
”h]”hŒ	paragraph”“”)”}”(hŒDDaniel Verkamp <dverkamp@chromium.org>
Jeff Xu <jeffxu@chromium.org>”h]”(hŒDaniel Verkamp <”…””}”(hhëhžhhŸNh NubhŒ	reference”“”)”}”(hŒdverkamp@chromium.org”h]”hŒdverkamp@chromium.org”…””}”(hhõhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:dverkamp@chromium.org”uh1hóhhëubhŒ>
Jeff Xu <”…””}”(hhëhžhhŸNh Nubhô)”}”(hŒjeffxu@chromium.org”h]”hŒjeffxu@chromium.org”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:jeffxu@chromium.org”uh1hóhhëubhŒ>”…””}”(hhëhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h Khhåubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhhÐubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÎhŸh³h KhhËhžhubhÏ)”}”(hhh]”(hÔ)”}”(hŒContributor”h]”hŒContributor”…””}”(hj2  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÓhj/  hŸh³h K ubhä)”}”(hŒ!Aleksa Sarai <cyphar@cyphar.com>
”h]”hê)”}”(hŒ Aleksa Sarai <cyphar@cyphar.com>”h]”(hŒAleksa Sarai <”…””}”(hjD  hžhhŸNh Nubhô)”}”(hŒcyphar@cyphar.com”h]”hŒcyphar@cyphar.com”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:cyphar@cyphar.com”uh1hóhjD  ubhŒ>”…””}”(hjD  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h Khj@  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj/  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÎhŸh³h K
hhËhžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhh¶hžhhŸh³h Kubhê)”}”(hŒœSince Linux introduced the memfd feature, memfds have always had their
execute bit set, and the memfd_create() syscall doesn't allow setting
it differently.”h]”hŒžSince Linux introduced the memfd feature, memfds have always had their
execute bit set, and the memfd_create() syscall doesnâ€™t allow setting
it differently.”…””}”(hjx  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h Khh¶hžhubhê)”}”(hXÞ  However, in a secure-by-default system, such as ChromeOS, (where all
executables should come from the rootfs, which is protected by verified
boot), this executable nature of memfd opens a door for NoExec bypass
and enables â€œconfused deputy attackâ€.  E.g, in VRP bug [1]: cros_vm
process created a memfd to share the content with an external process,
however the memfd is overwritten and used for executing arbitrary code
and root escalation. [2] lists more VRP of this kind.”h]”hXÞ  However, in a secure-by-default system, such as ChromeOS, (where all
executables should come from the rootfs, which is protected by verified
boot), this executable nature of memfd opens a door for NoExec bypass
and enables â€œconfused deputy attackâ€.  E.g, in VRP bug [1]: cros_vm
process created a memfd to share the content with an external process,
however the memfd is overwritten and used for executing arbitrary code
and root escalation. [2] lists more VRP of this kind.”…””}”(hj†  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h Khh¶hžhubhê)”}”(hX
  On the other hand, executable memfd has its legit use: runc uses memfdâ€™s
seal and executable feature to copy the contents of the binary then
execute them. For such a system, we need a solution to differentiate runc's
use of executable memfds and an attacker's [3].”h]”hX  On the other hand, executable memfd has its legit use: runc uses memfdâ€™s
seal and executable feature to copy the contents of the binary then
execute them. For such a system, we need a solution to differentiate runcâ€™s
use of executable memfds and an attackerâ€™s [3].”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h Khh¶hžhubhŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒûTo address those above:
- Let memfd_create() set X bit at creation time.
- Let memfd be sealed for modifying X bit when NX is set.
- Add a new pid namespace sysctl: vm.memfd_noexec to help applications in
  migrating and enforcing non-executable MFD.
”h]”(hŒterm”“”)”}”(hŒTo address those above:”h]”hŒTo address those above:”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h K"hj©  ubhŒ
definition”“”)”}”(hhh]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ.Let memfd_create() set X bit at creation time.”h]”hê)”}”(hjË  h]”hŒ.Let memfd_create() set X bit at creation time.”…””}”(hjÍ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KhjÉ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjÄ  ubjÈ  )”}”(hŒ7Let memfd be sealed for modifying X bit when NX is set.”h]”hê)”}”(hjâ  h]”hŒ7Let memfd be sealed for modifying X bit when NX is set.”…””}”(hjä  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K hjà  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjÄ  ubjÈ  )”}”(hŒtAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.
”h]”hê)”}”(hŒsAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.”h]”hŒsAdd a new pid namespace sysctl: vm.memfd_noexec to help applications in
migrating and enforcing non-executable MFD.”…””}”(hjû  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K!hj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjÄ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jÂ  hŸh³h Khj¿  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hj©  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h K"hj¤  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¢  hh¶hžhhŸNh Nubhµ)”}”(hhh]”(hº)”}”(hŒUser API”h]”hŒUser API”…””}”(hj,  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj)  hžhhŸh³h K%ubhê)”}”(hŒ:``int memfd_create(const char *name, unsigned int flags)``”h]”hŒliteral”“”)”}”(hj<  h]”hŒ6int memfd_create(const char *name, unsigned int flags)”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hj:  ubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K&hj)  hžhubj£  )”}”(hhh]”(j¨  )”}”(hX  ``MFD_NOEXEC_SEAL``
When MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created
with NX. F_SEAL_EXEC is set and the memfd can't be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.
”h]”(j®  )”}”(hŒ``MFD_NOEXEC_SEAL``”h]”j?  )”}”(hj\  h]”hŒMFD_NOEXEC_SEAL”…””}”(hj^  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hjZ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h K,hjV  ubj¾  )”}”(hhh]”hê)”}”(hŒðWhen MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created
with NX. F_SEAL_EXEC is set and the memfd can't be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.”h]”(hŒ'When MFD_NOEXEC_SEAL bit is set in the ”…””}”(hjt  hžhhŸNh Nubj?  )”}”(hŒ	``flags``”h]”hŒflags”…””}”(hj|  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hjt  ubhŒÂ, memfd is created
with NX. F_SEAL_EXEC is set and the memfd canâ€™t be modified to
add X later. MFD_ALLOW_SEALING is also implied.
This is the most common case for the application to use memfd.”…””}”(hjt  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K)hjq  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hjV  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h K,hjS  ubj¨  )”}”(hŒQ``MFD_EXEC``
When MFD_EXEC bit is set in the ``flags``, memfd is created with X.
”h]”(j®  )”}”(hŒ``MFD_EXEC``”h]”j?  )”}”(hj¦  h]”hŒMFD_EXEC”…””}”(hj¨  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hj¤  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h K/hj   ubj¾  )”}”(hhh]”hê)”}”(hŒCWhen MFD_EXEC bit is set in the ``flags``, memfd is created with X.”h]”(hŒ When MFD_EXEC bit is set in the ”…””}”(hj¾  hžhhŸNh Nubj?  )”}”(hŒ	``flags``”h]”hŒflags”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hj¾  ubhŒ, memfd is created with X.”…””}”(hj¾  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K/hj»  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hj   ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h K/hjS  hžhubj¨  )”}”(hŒ‹Note:
``MFD_NOEXEC_SEAL`` implies ``MFD_ALLOW_SEALING``. In case that
an app doesn't want sealing, it can add F_SEAL_SEAL after creation.

”h]”(j®  )”}”(hŒNote:”h]”hŒNote:”…””}”(hjî  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h K4hjê  ubj¾  )”}”(hhh]”hê)”}”(hŒƒ``MFD_NOEXEC_SEAL`` implies ``MFD_ALLOW_SEALING``. In case that
an app doesn't want sealing, it can add F_SEAL_SEAL after creation.”h]”(j?  )”}”(hŒ``MFD_NOEXEC_SEAL``”h]”hŒMFD_NOEXEC_SEAL”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hjÿ  ubhŒ	 implies ”…””}”(hjÿ  hžhhŸNh Nubj?  )”}”(hŒ``MFD_ALLOW_SEALING``”h]”hŒMFD_ALLOW_SEALING”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hjÿ  ubhŒT. In case that
an app doesnâ€™t want sealing, it can add F_SEAL_SEAL after creation.”…””}”(hjÿ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K2hjü  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hjê  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h K4hjS  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¢  hj)  hžhhŸh³h Nubeh}”(h]”Œuser-api”ah ]”h"]”Œuser api”ah$]”h&]”uh1h´hh¶hžhhŸh³h K%ubhµ)”}”(hhh]”(hº)”}”(hŒSysctl:”h]”hŒSysctl:”…””}”(hjJ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjG  hžhhŸh³h K7ubhê)”}”(hŒ)``pid namespaced sysctl vm.memfd_noexec``”h]”j?  )”}”(hjZ  h]”hŒ%pid namespaced sysctl vm.memfd_noexec”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j>  hjX  ubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K8hjG  hžhubhê)”}”(hŒ;The new pid namespaced sysctl vm.memfd_noexec has 3 values:”h]”hŒ;The new pid namespaced sysctl vm.memfd_noexec has 3 values:”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K:hjG  hžhubhŒblock_quote”“”)”}”(hXn  - 0: MEMFD_NOEXEC_SCOPE_EXEC
       memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
       MFD_EXEC was set.

- 1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
       memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
       MFD_NOEXEC_SEAL was set.

- 2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
       memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”jÃ  )”}”(hhh]”(jÈ  )”}”(hŒu0: MEMFD_NOEXEC_SCOPE_EXEC
     memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
     MFD_EXEC was set.
”h]”j£  )”}”(hhh]”j¨  )”}”(hŒk0: MEMFD_NOEXEC_SCOPE_EXEC
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.
”h]”(j®  )”}”(hŒ0: MEMFD_NOEXEC_SCOPE_EXEC”h]”hŒ0: MEMFD_NOEXEC_SCOPE_EXEC”…””}”(hj‘  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h K>hj  ubj¾  )”}”(hhh]”hê)”}”(hŒOmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.”h]”hŒOmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_EXEC was set.”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h K=hjŸ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h K>hjŠ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¢  hj†  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjƒ  ubjÈ  )”}”(hŒƒ1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
     memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
     MFD_NOEXEC_SEAL was set.
”h]”j£  )”}”(hhh]”j¨  )”}”(hŒy1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.
”h]”(j®  )”}”(hŒ!1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL”h]”hŒ!1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL”…””}”(hjÓ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h KBhjÏ  ubj¾  )”}”(hhh]”hê)”}”(hŒVmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.”h]”hŒVmemfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
MFD_NOEXEC_SEAL was set.”…””}”(hjä  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KAhjá  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hjÏ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h KBhjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¢  hjÈ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjƒ  ubjÈ  )”}”(hŒd2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
     memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”j£  )”}”(hhh]”j¨  )”}”(hŒ_2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
memfd_create() without MFD_NOEXEC_SEAL will be rejected.
”h]”(j®  )”}”(hŒ%2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED”h]”hŒ%2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j­  hŸh³h KEhj  ubj¾  )”}”(hhh]”hê)”}”(hŒ8memfd_create() without MFD_NOEXEC_SEAL will be rejected.”h]”hŒ8memfd_create() without MFD_NOEXEC_SEAL will be rejected.”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KEhj#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j½  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j§  hŸh³h KEhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¢  hj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÇ  hjƒ  ubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1jÂ  hŸh³h K<hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j}  hŸh³h K<hjG  hžhubhê)”}”(hX  The sysctl allows finer control of memfd_create for old software that
doesn't set the executable bit; for example, a container with
vm.memfd_noexec=1 means the old software will create non-executable memfd
by default while new software can create executable memfd by setting
MFD_EXEC.”h]”hX  The sysctl allows finer control of memfd_create for old software that
doesnâ€™t set the executable bit; for example, a container with
vm.memfd_noexec=1 means the old software will create non-executable memfd
by default while new software can create executable memfd by setting
MFD_EXEC.”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KGhjG  hžhubhê)”}”(hŒßThe value of vm.memfd_noexec is passed to child namespace at creation
time. In addition, the setting is hierarchical, i.e. during memfd_create,
we will search from current ns to root ns and use the most restrictive
setting.”h]”hŒßThe value of vm.memfd_noexec is passed to child namespace at creation
time. In addition, the setting is hierarchical, i.e. during memfd_create,
we will search from current ns to root ns and use the most restrictive
setting.”…””}”(hjf  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KMhjG  hžhubhê)”}”(hŒ[1] https://crbug.com/1305267”h]”(hŒ[1] ”…””}”(hjt  hžhhŸNh Nubhô)”}”(hŒhttps://crbug.com/1305267”h]”hŒhttps://crbug.com/1305267”…””}”(hj|  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j~  uh1hóhjt  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KRhjG  hžhubhê)”}”(hŒe[2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”h]”(hŒ[2] ”…””}”(hj‘  hžhhŸNh Nubhô)”}”(hŒahttps://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”h]”hŒahttps://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20memfd%20escalation&can=1”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j›  uh1hóhj‘  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KThjG  hžhubhê)”}”(hŒ$[3] https://lwn.net/Articles/781013/”h]”(hŒ[3] ”…””}”(hj®  hžhhŸNh Nubhô)”}”(hŒ https://lwn.net/Articles/781013/”h]”hŒ https://lwn.net/Articles/781013/”…””}”(hj¶  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j¸  uh1hóhj®  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1héhŸh³h KVhjG  hžhubeh}”(h]”Œsysctl”ah ]”h"]”Œsysctl:”ah$]”h&]”uh1h´hh¶hžhhŸh³h K7ubeh}”(h]”Œ"introduction-of-non-executable-mfd”ah ]”h"]”Œ"introduction of non-executable mfd”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jþ  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jØ  jÕ  jD  jA  jÐ  jÍ  uŒ	nametypes”}”(jØ  ‰jD  ‰jÐ  ‰uh}”(jÕ  h¶jA  j)  jÍ  jG  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.