Provide proper abstractions for memfd operations. This is especially necessary with the new MFD_EXEC and MFD_NOEXEC_SEAL features of the kernel, which requires all memfd users to update the code to use one of the new flags.
Unfortunately, they decided against providing MFD_NOEXEC, but instead just provide MFD_NOEXEC_SEAL, which is a combination of MFD_ALLOW_SEALING, MFD_NOEXEC, and F_SEAL_EXEC. This is really awkward to use in helpers, but I think I got something that works well enough.
Provide proper abstractions for memfd operations. This is especially necessary with the new
MFD_EXEC
andMFD_NOEXEC_SEAL
features of the kernel, which requires all memfd users to update the code to use one of the new flags.Unfortunately, they decided against providing
MFD_NOEXEC
, but instead just provideMFD_NOEXEC_SEAL
, which is a combination ofMFD_ALLOW_SEALING
,MFD_NOEXEC
, andF_SEAL_EXEC
. This is really awkward to use in helpers, but I think I got something that works well enough.Reported in #322.