Hi Pratyush,

On 2026-05-29T14:40:44+0200, Pratyush Yadav wrote:
> From: "Pratyush Yadav (Google)"
>
> F_SEAL_EXEC was added in Linux v6.3. It seals the exec bits of the
> memfd. Document it.
>
> Signed-off-by: Pratyush Yadav (Google)
> ---
>
> Notes:
> I discovered this was missing when working on [0]. I had to look at the
> code to figure out how it was supposed to behave.
>
> Disclaimer: I used help from Gemini to write this patch, mainly because
> I don't know the man page syntax. If the man-pages project also uses the
> AI-assisted tags as Linux, feel free to add:
>
> Assisted-by: Gemini:gemini-3.1-pro

$ head -n13 CONTRIBUTING.d/ai
Name
    AI - artificial intelligence policy

Description
    It is expressly forbidden to contribute to this project any content
    that has been created or derived with the assistance of AI tools.
    This includes AI assistive tools used in the contributing process,
    even if such tools do not directly generate the contributed code but
    are used to derive the contribution. For example, AI linters, AI
    static analyzers, and AI tools that summarize input are forbidden.

If you only used it for formatting, and the text is entirely yours, I
guess you'll be able to write it again from scratch easily (it's not a
lot of text, anyway).

To proceed clean, you should remove the patch entirely, and write it
again from scratch, only looking at surrounding code and other pages,
but not looking at the contaminated patch.

If you have any doubts about the man(7) language, I can help, or even
fix things for you (as long as it's reasonably easy to do so).

Thanks!

Have a lovely day!
Alex

>
> [0] https://lore.kernel.org/linux-mm/20260505133922.797635-1-pratyush@kernel.org/
>
> man/man2const/F_GET_SEALS.2const | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/man/man2const/F_GET_SEALS.2const b/man/man2const/F_GET_SEALS.2const
> index 175025c10..2de8009a8 100644
> --- a/man/man2const/F_GET_SEALS.2const
> +++ b/man/man2const/F_GET_SEALS.2const
> @@ -176,6 +176,25 @@ will fail with > Using this seal, > one process can create a memory buffer that it can continue to modify > while sharing that buffer on a "read-only" basis with other processes. > +.TP > +.BR F_SEAL_EXEC " (since Linux 6.3)" > +If this seal is set, the execute bits in the file mode cannot be modified. > +Any attempt to modify these bits via > +.BR chmod (2), > +.BR fchmod (2), > +or similar calls will fail with > +.BR EPERM . > +This preserves the execute bits as they were at the time of sealing, > +making the file either permanently executable or permanently unexecutable. > +.IP > +If this seal is applied to a file that is already executable, > +the kernel also implicitly applies > +.BR F_SEAL_SHRINK , > +.BR F_SEAL_GROW , > +.BR F_SEAL_WRITE , > +and > +.BR F_SEAL_FUTURE_WRITE , > +preventing any further modifications to the contents of the file. > .SH RETURN VALUE > .TP > .B F_GET_SEALS > > base-commit: 9db8ca91f920b9aba40ed68de6b8da0ca9dbefaa > -- > 2.54.0.1013.g208068f2d8-goog > > --
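
Review bot: "or similar calls" in the first added paragraph (right after the ".BR fchmod (2)," line) is too vague for a reference page; either enumerate the calls that are refused with EPERM or end the list at chmod(2) and fchmod(2). In the .IP paragraph, the implicit addition of F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE and F_SEAL_FUTURE_WRITE needs one more sentence: a caller that passes only F_SEAL_EXEC should be told that these bits will then be reported by F_GET_SEALS, and whether the operation can fail for the same reasons that adding F_SEAL_WRITE on its own can. The commit message says the seal covers "the exec bits of the memfd", while the added text speaks only of "the file"; stating the memfd scope in the entry would keep the two consistent.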