Sealing a shared memory object

Updated: April 19, 2023

Sealing a shared memory object is a way for the creator of the object to prevent other processes from changing the object's physical layout, even if they're allowed to change the memory contents.

The layout includes the size of the object, backing memory, and anything else that can be modified via shm_ctl(). To seal an object, its creator specifies the SHMCTL_SEAL flag when calling shm_ctl(). Once the object is sealed, no process (including the object's creator) can use shm_ctl() to modify the object's layout or flags; attempts to do so fail with an error of EPERM.

Note: A sealed object isn't write-protected. Anyone who has write access can still change the content of the object; they just can't shrink or extend it or otherwise make it point to memory not already referenced by it.

You can call shm_ctl() with the SHMCTL_GET_FLAGS flag to get a shared memory object's flags, whether or not the object is sealed. One use for this is to determine if the object has been sealed; for example, the recipient could decide that it doesn't want to work with an unsealed object.
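The recipient-side check described above, as an added example (not code from the QNX documentation). It assumes that shm_ctl() returns the object's flags when SHMCTL_GET_FLAGS is given; shm_is_sealed() and map_sealed() are hypothetical helper names, and the #ifndef block is a constructed stand-in so the logic can also be built on a non-QNX host.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef __QNXNTO__
/* Host-side stand-in, constructed for this example (not QNX code): the flag
 * values are arbitrary, and shm_ctl() models only what the page states. */
#define SHMCTL_SEAL      0x2
#define SHMCTL_GET_FLAGS 0x4
static int model_flags[256];            /* per-fd flags; fd < 256 assumed */
static int shm_ctl(int fd, int flags, uint64_t paddr, uint64_t size) {
    (void)paddr; (void)size;
    if (flags & SHMCTL_GET_FLAGS) return model_flags[fd];
    if (model_flags[fd] & SHMCTL_SEAL) { errno = EPERM; return -1; }
    model_flags[fd] |= flags;
    return 0;
}
#endif

/* Returns 1 if the object is sealed, 0 if not, -1 on error (errno set).
 * Assumption: with SHMCTL_GET_FLAGS, shm_ctl() returns the flags. */
int shm_is_sealed(int fd) {
    int flags = shm_ctl(fd, SHMCTL_GET_FLAGS, 0, 0);
    if (flags == -1) return -1;
    return (flags & SHMCTL_SEAL) != 0;
}

/* Map the object read-only, but only if it is sealed and at least min_len
 * bytes long. Because a sealed layout can't change, the size read here
 * stays valid for the mapping; the contents can still be modified by
 * anyone with write access, so they must still be validated. */
void *map_sealed(int fd, size_t min_len, size_t *len_out) {
    struct stat st;
    int sealed = shm_is_sealed(fd);
    if (sealed != 1) {
        if (sealed == 0) errno = EACCES;   /* policy: refuse unsealed objects */
        return MAP_FAILED;
    }
    if (fstat(fd, &st) == -1) return MAP_FAILED;
    if ((uint64_t)st.st_size < min_len) { errno = EINVAL; return MAP_FAILED; }
    *len_out = (size_t)st.st_size;
    return mmap(NULL, *len_out, PROT_READ, MAP_SHARED, fd, 0);
}
```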