On Tue, 17 Oct 2023 at 11:20, Theo de Raadt <deraadt@openbsd.org> wrote:
> The only case where the immutable marker is ignored is during address space teardown as a result of process termination.
.. and presumably also execve()?
I do like us starting with just "mimmutable()", since it already exists. Particularly if chrome already knows how to use it.
Maybe add a flag field (require it to be zero initially) just to allow any future expansion. Maybe the chrome team has *wanted* to have some finer granularity thing and currently doesn't use mimmutable() in some case?
Linus