shared: memfd_create: try MFD_NOEXEC_SEAL

Effective from Linux 6.3 onward, this creates the memfd without execute
permissions and prevents that setting from ever being changed. A
run-time fallback is made to not using MFD_NOEXEC_SEAL when
weston compiled on Linux >= 6.3 is run on Linux < 6.3.

Signed-off-by: Sami Uddin <sami.uddin@astc-design.com>

shared/os-compatibility.c

@@ -40,6 +40,11 @@
 
 #define READONLY_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
 
+/* Fallback to no flag when missing the definition */
+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL 0
+#endif
+
 int
 os_fd_clear_cloexec(int fd)
 {
@@ -184,7 +189,21 @@ os_create_anonymous_file(off_t size)
 	int ret;
 
 #ifdef HAVE_MEMFD_CREATE
-	fd = memfd_create("weston-shared", MFD_CLOEXEC | MFD_ALLOW_SEALING);
+	/*
+	* Linux kernels older than 6.3 reject MFD_NOEXEC_SEAL with EINVAL.
+	* Try first *with* it, and if that fails, try again *without* it.
+	*/
+	errno = 0;
+	fd = memfd_create(
+		"weston-shared",
+		MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL);
+
+	if (fd < 0 && errno == EINVAL && MFD_NOEXEC_SEAL != 0) {
+		fd = memfd_create(
+			"weston-shared",
+			MFD_CLOEXEC | MFD_ALLOW_SEALING);
+	}
+
 	if (fd >= 0) {
 		/* We can add this seal before calling posix_fallocate(), as
 		 * the file is currently zero-sized anyway.