We really shouldn't ever create fds that have the flag unset.
if (!g)
return -ENOMEM;
- r = memfd_create(g, MFD_ALLOW_SEALING);
+ r = memfd_create(g, MFD_ALLOW_SEALING|MFD_CLOEXEC);
if (r < 0)
return -errno;
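Review bot: The flag expression in this call is written `MFD_ALLOW_SEALING|MFD_CLOEXEC`, while the second call site in this commit uses `MFD_ALLOW_SEALING | MFD_CLOEXEC`; use one spacing so a single grep for the flag pair finds both. Neither call says why close-on-exec is required, so I would add a one-line comment above each, e.g. `/* MFD_CLOEXEC: do not let the memfd be inherited across exec() */`. Only two callers are visible on this page; any other memfd_create() caller in the tree would need the same flag, which is worth confirming with a grep before merging. The enclosing function starts and ends outside the hunk.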
}
}
- fd = memfd_create(name, MFD_ALLOW_SEALING);
+ fd = memfd_create(name, MFD_ALLOW_SEALING | MFD_CLOEXEC);
if (fd < 0)
return -errno;
#endif
#ifndef MFD_ALLOW_SEALING
-#define MFD_ALLOW_SEALING 0x0002ULL
+#define MFD_ALLOW_SEALING 0x0002U
+#endif
+
+#ifndef MFD_CLOEXEC
+#define MFD_CLOEXEC 0x0001U
#endif
#ifndef IP_FREEBIND
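Review bot: The fallback values `0x0001U` and `0x0002U` are bare literals with nothing tying them to the kernel ABI; a comment above the two guards such as `/* fallback for old kernel headers; values must match <linux/memfd.h> */` would tell a reader they cannot be changed independently. The suffix change from `ULL` to `U` presumably aligns the constant with the `unsigned int` flags argument of memfd_create(), but the commit description only mentions the close-on-exec flag, so that intent is left for the reader to infer.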