memfd_secret
Intro
memfd_secret - creates an anonymous, in-memory file whose pages are locked in RAM and removed from the kernel's direct map, intended for holding secrets such as cryptographic key material.
Description
The memfd_secret() system call (Linux 5.14 and later) creates a file descriptor that refers to an anonymous, in-memory file. It differs from memfd_create() in that the pages backing the file are "secret": they are unmapped from the kernel's direct map, so they are reachable only through the owning process's own mappings, and they are locked in RAM, so they are never swapped to disk (the kernel also refuses to hibernate while such mappings exist). This is useful for sensitive data, such as cryptographic key material, that must not reach persistent storage and should stay out of reach of a kernel memory-disclosure bug. It is not a partial lock: the whole file is secret memory.

The file is accessed only through mmap(); read() and write() on the descriptor are not supported, and the file must be sized with ftruncate() before it is mapped. The secret memory counts against the caller's RLIMIT_MEMLOCK. The call is available only on kernels built with CONFIG_SECRETMEM and, on kernel versions where the feature is off by default, booted with the secretmem.enable=y parameter; otherwise it fails with ENOSYS.

The flags argument is a bitmask of flags for the new descriptor. The only value currently defined is FD_CLOEXEC, which sets the close-on-exec flag; any other bit makes the call fail with EINVAL. It does not carry permission bits and has no effect on whether the file can be read or written.
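The following C program is an added example written for this page; it is not part of Tracee or of the kernel documentation. It allocates a buffer for key material the way the description above requires (memfd_secret(), then ftruncate(), then a MAP_SHARED mmap()), and falls back to mlock()ed anonymous memory excluded from core dumps, or plain anonymous memory, when the kernel reports ENOSYS or the memlock limit is exhausted. The syscall number 447 and the assumption that libc ships no memfd_secret() wrapper are assumptions about the build environment; the 32-byte pattern written through the mapping is a constructed test value, not a real key.

```c
/* Added example (not Tracee code): a key-material buffer that prefers memfd_secret(2) and falls
 * back to anonymous memory. Assumes Linux >= 5.14; syscall number and lack of a libc wrapper are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_memfd_secret
#define __NR_memfd_secret 447 /* number assigned in Linux 5.14 */
#endif

enum backend { BACKEND_SECRETMEM = 1, BACKEND_MLOCK = 2, BACKEND_PLAIN = 3 };

/* fd is the secretmem descriptor or -1; backend is 0 while unallocated. */
struct sensitive_buf { void *ptr; size_t len; int fd; int backend; };

/* Secret path: memfd_secret -> ftruncate (required before mmap) -> MAP_SHARED mapping. */
static int try_secretmem(struct sensitive_buf *b)
{
    int fd = (int)syscall(__NR_memfd_secret, FD_CLOEXEC); /* FD_CLOEXEC is the only valid flag */
    if (fd < 0)
        return -errno; /* ENOSYS when CONFIG_SECRETMEM is absent or secretmem is disabled */
    if (ftruncate(fd, (off_t)b->len) < 0) {
        int e = errno; close(fd); return -e;
    }
    void *p = mmap(NULL, b->len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) { /* EAGAIN/ENOMEM here usually means RLIMIT_MEMLOCK is exhausted */
        int e = errno; close(fd); return -e;
    }
    b->ptr = p; b->fd = fd; b->backend = BACKEND_SECRETMEM;
    return 0;
}

/* Fallback: anonymous pages kept out of core dumps and, if RLIMIT_MEMLOCK allows, out of swap. */
static int try_anonymous(struct sensitive_buf *b)
{
    void *p = mmap(NULL, b->len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -errno;
    madvise(p, b->len, MADV_DONTDUMP);
    b->ptr = p; b->fd = -1;
    b->backend = (mlock(p, b->len) == 0) ? BACKEND_MLOCK : BACKEND_PLAIN;
    return 0;
}

/* Allocate len bytes for secrets; returns the backend used (> 0) or -errno. */
int sensitive_alloc(size_t len, struct sensitive_buf *b)
{
    memset(b, 0, sizeof *b);
    b->len = len; b->fd = -1;
    if (try_secretmem(b) == 0)
        return b->backend;
    int rc = try_anonymous(b);
    return rc < 0 ? rc : b->backend;
}

/* Zero through a volatile pointer so the compiler cannot elide the wipe as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Wipe, unmap and close; returns 0, or -EINVAL for a buffer that is already freed. */
int sensitive_free(struct sensitive_buf *b)
{
    if (!b->ptr)
        return -EINVAL;
    secure_wipe(b->ptr, b->len);
    int rc = munmap(b->ptr, b->len) == 0 ? 0 : -errno;
    if (b->fd >= 0)
        close(b->fd);
    b->ptr = NULL; b->fd = -1; b->backend = 0;
    return rc;
}

/* Write a constructed 32-byte pattern (not real key material) and read it back through the mapping. */
int key_roundtrip(struct sensitive_buf *b)
{
    unsigned char key[32];
    if (!b->ptr || b->len < sizeof key)
        return 0;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(i * 7 + 3);
    memcpy(b->ptr, key, sizeof key);
    int ok = memcmp(b->ptr, key, sizeof key) == 0;
    secure_wipe(key, sizeof key);
    return ok;
}

/* Full cycle: 1 when allocation, round trip, release and double-free detection all behave. */
int self_check(void)
{
    struct sensitive_buf b;
    int backend = sensitive_alloc(4096, &b);
    if (backend < BACKEND_SECRETMEM || backend > BACKEND_PLAIN)
        return 0;
    return key_roundtrip(&b) && sensitive_free(&b) == 0 && sensitive_free(&b) == -EINVAL;
}

int main(void) { return self_check() ? 0 : 1; }
```

sensitive_alloc() reports which tier it ended up on, so a caller that insists on real secret memory (for example, a key manager that must not run on a kernel without CONFIG_SECRETMEM) can refuse anything but BACKEND_SECRETMEM instead of silently degrading. The fallback tiers are ordered by how much of the secretmem guarantee they retain: mlock() keeps the pages out of swap but not out of the direct map, and MADV_DONTDUMP only keeps them out of core dumps.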
Arguments
flags
:unsigned int
[K] - bitmask of flags for the new file descriptor. The only value currently defined is FD_CLOEXEC, which sets the close-on-exec flag; any other bit causes the call to fail with EINVAL.
Available Tags
- K - Originated from kernel-space.
Hooks
memfd_secret
Type
Kprobe
Purpose
To monitor and log when the system call is called.
Example Use Case
A key manager, TLS terminator or password vault can place decrypted private keys or key-encryption keys in memfd_secret() memory so that they are never swapped out, never land in a hibernation image, and are not reachable through the kernel's direct map should a kernel bug leak memory contents. From a monitoring standpoint the event is worth watching because legitimate callers are few and well known: an invocation from an unexpected binary deserves a second look, since the same property that protects keys also hides the region from kernel-side memory inspection and acquisition tools that rely on the direct map.
Issues
None known.
Related Events
- memfd_create() - creates an anonymous file backed by memory
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.