diff options
Diffstat (limited to 'clang-tools-extra/docs/clang-tidy/checks/android-cloexec-memfd-create.rst')
-rw-r--r-- | clang-tools-extra/docs/clang-tidy/checks/android-cloexec-memfd-create.rst | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-memfd-create.rst b/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-memfd-create.rst deleted file mode 100644 index a45321d64b3..00000000000 --- a/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-memfd-create.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. title:: clang-tidy - android-cloexec-memfd-create - -android-cloexec-memfd-create -============================ - -``memfd_create()`` should include ``MFD_CLOEXEC`` in its type argument to avoid -the file descriptor leakage. Without this flag, an opened sensitive file would -remain open across a fork+exec to a lower-privileged SELinux domain. - -Examples: - -.. code-block:: c++ - - memfd_create(name, MFD_ALLOW_SEALING); - - // becomes - - memfd_create(name, MFD_ALLOW_SEALING | MFD_CLOEXEC); |