hardened_malloc icon indicating copy to clipboard operation
hardened_malloc copied to clipboard
verified publisher icon GrapheneOS

linux: make use of mseal(2)

Open cgzones opened this issue 1 year ago • 3 comments

Instead of protecting the global read-only data structure after startup via the read-only flag, which can be reverted, use the in Linux 6.10 introduced irreversible syscall mseal(2).

cgzones avatar Jul 24 '24 15:07 cgzones

I've been running this for about a week now without issue.

SkewedZeppelin avatar Aug 19 '24 15:08 SkewedZeppelin

Will get to this eventually, it's just very low priority due to low impact.

thestinger avatar Oct 16 '24 21:10 thestinger

Kindly ping

cgzones avatar Sep 21 '25 10:09 cgzones