linux-memfd-0.1.0.0: Create anonymous, memory-backed files with the memfd_create syscall

License: PublicDomain
Maintainer: phlummox2@gmail.com
Portability: non-portable (requires Linux)
Safe Haskell: None
Language: Haskell2010

System.Linux.MemFd

Description

Create anonymous, memory-backed files with the Linux memfd_create syscall.

memFdCreate

memFdCreate :: String -> [MemFdCreateFlag] -> IO Fd

memFdCreate name flags creates an anonymous in-memory file and returns a file descriptor referring to it.

name is used as a filename for debugging purposes, and will be displayed as the target of the corresponding symbolic link in the directory /proc/self/fd/. The displayed name is always prefixed with the string "memfd:". Names do not affect the behavior of the file descriptor, and multiple files can therefore have the same name without any side effects.

The file behaves like a regular file, and so can be modified, truncated, memory-mapped, and so on. However, unlike a regular file, it lives in RAM and has a volatile backing storage. Once all OS references to the file are dropped, it is automatically released.

A list of flags may be passed in flags.

If the CloseOnExec flag is passed, then the descriptor will be automatically and atomically closed when any of the exec family functions succeed.

If the AllowSealing flag is passed, then the file can be sealed using the fcntl functions (see https://hackage.haskell.org/package/unix-fcntl for bindings to fcntl.)

As a convenience, memFdSeal is provided, which is a simplified interface to the fcntl function.

A path to the file is available via the /proc filesystem, at /proc/self/fd/myfd (where "myfd" is the value of the file descriptor). This file can be opened etc. like any other file using typical Haskell IO functions.

Furthermore, as long as the CloseOnExec flag is not passed, the file descriptor (and associated "/proc" path) will remain available to forked and execed child processes -- see the "Examples" directory for sample usage.

It can also be used for "zero-trust" IPC -- see https://github.com/a-darwish/memfd-examples

Example:

>>> import System.Linux.MemFd (memFdCreate)
>>> import System.Posix.IO (fdWrite)
>>> fd <- memFdCreate "myfile" []
>>> _ <- fdWrite fd "The quality of mercy is not strained"
>>> let fname = "/proc/self/fd/" ++ show fd
>>> readFile fname >>= print
"The quality of mercy is not strained"
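
The effect of CloseOnExec on child processes, as an added example that is not part of the linux-memfd package or its "Examples" directory: it creates one descriptor without flags and one with CloseOnExec, then execs cat on each /proc path to report which one a child can still reach. The helpers procPath and childCanRead are hypothetical names, and the process package with its default close_fds = False is assumed.

```haskell
-- Added example (not from the linux-memfd package). Assumes the `process`
-- package, whose default close_fds = False leaves inherited descriptors open.
module Main (main) where

import System.Exit (ExitCode (..))
import System.Linux.MemFd (MemFdCreateFlag (..), memFdCreate)
import System.Posix.IO (fdWrite)
import System.Posix.Types (Fd)
import System.Process (readProcessWithExitCode)

-- | Path under which a process sees one of its own descriptors.
procPath :: Fd -> FilePath
procPath fd = "/proc/self/fd/" ++ show fd

-- | Exec a child @cat@ on the descriptor's /proc path. In the child,
-- "self" is the child, so the read succeeds only if the descriptor
-- survived the exec.
childCanRead :: Fd -> IO Bool
childCanRead fd = do
  (code, _out, _err) <- readProcessWithExitCode "cat" [procPath fd] ""
  return (code == ExitSuccess)

main :: IO ()
main = do
  -- No flags: the descriptor is inherited by every exec'ed child.
  shared <- memFdCreate "shared" []
  _ <- fdWrite shared "readable by children"

  -- CloseOnExec: the kernel closes the descriptor when exec succeeds.
  private <- memFdCreate "private" [CloseOnExec]
  _ <- fdWrite private "parent-only data"

  sharedSeen <- childCanRead shared
  privateSeen <- childCanRead private
  putStrLn ("child reads " ++ procPath shared ++ ": " ++ show sharedSeen)
  putStrLn ("child reads " ++ procPath private ++ ": " ++ show privateSeen)
```

Pass CloseOnExec for any in-memory file whose contents child processes should not see, and omit it only for descriptors that are meant to be handed to a child.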

data MemFdCreateFlag

Corresponds to the unsigned int flags from memfd.h.

Constructors

CloseOnExec

MFD_CLOEXEC: close file descriptor if any exec family functions are successfully called

AllowSealing

MFD_ALLOW_SEALING: allow file descriptor to be sealed using fcntl

Low-level access

Access to the C-level functions and constants.

c_memfd_create :: CString -> CUInt -> IO Fd

Wrapper around int memfd_create(const char *name, unsigned int flags)

c_MFD_CLOEXEC :: CUInt

MFD_CLOEXEC

c_MFD_ALLOW_SEALING :: CUInt

MFD_ALLOW_SEALING