shm: use MFD_NOEXEC_SEAL for shared memory

Rudi Heitbaum requested to merge heitbaum/pulseaudio:memfd into master

Since kernel 6.3 the error memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=2996 'pactl' appears in the kernel logs. Include this patch as a followup to #1394 (closed) and !751 (merged)


The new MFD_NOEXEC_SEAL and MFD_EXEC flags allows application to set executable bit at creation time (memfd_create).

When MFD_NOEXEC_SEAL is set, memfd is created without executable bit (mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to be executable (mode: 0777) after creation.

when MFD_EXEC flag is set, memfd is created with executable bit (mode:0777), this is the same as the old behavior of memfd_create.

Merge request reports