In kernels ≥ 6.3 there's a warning generated when you create a memfd without setting one of MFD_NOEXEC_SEAL or MFD_EXEC. Since we don't need to be able to execute our shm buffers, set MFD_NOEXEC_SEAL when:
We're built against sufficiently new kernel headers, and
The kernel we're running on is sufficiently new.
memfd_create will return EINVAL if it doesn't understand MFD_NOEXEC_SEAL (ie: if it's too old), so it's easy to fallback.
In kernels ≥ 6.3 there's a warning generated when you create a memfd without setting one of
MFD_NOEXEC_SEALorMFD_EXEC. Since we don't need to be able to execute our shm buffers, setMFD_NOEXEC_SEALwhen:memfd_createwill returnEINVALif it doesn't understandMFD_NOEXEC_SEAL(ie: if it's too old), so it's easy to fallback.