[−][src]Function pentacle::ensure_sealed
pub fn ensure_sealed() -> Result<()>
Ensure the currently running program is a sealed anonymous file.
If /proc/self/exe
is not a sealed anonymous file, a new anonymous file is created,
/proc/self/exe
is copied to it, the file is sealed, and CommandExt::exec
is called. When
the program begins again, this function will detect /proc/self/exe
as a sealed anonymous
file and return Ok(())
.
You should call this function at the beginning of main
. This function has the same
implications as CommandExt::exec
: no destructors on the current stack or any other thread’s
stack will be run.
Errors
An error is returned if /proc/self/exe
fails to open, memfd_create(2)
fails, the fcntl(2)
F_ADD_SEALS
command fails, or copying from /proc/self/exe
to the anonymous file fails.