tree-wide: add MFD_EXEC and MFD_NOEXEC_SEAL flags to memfd_create

[kdrag0n]

Since Linux kernel 6.3, one of these flags must be passed to avoid a warning being printed in the kernel log:

[    1.229444] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=851 'lxd'

Fixes #4315

[lxc-jenkins]

This pull request didn't trigger Jenkins as its author isn't in the allow list.

An organization member must perform one of the following:

• To have this branch tested by Jenkins, use the "ok to test" command.
• To have a one time test done, use the "test this please" command.

Those commands are simple Github comments of the format: "jenkins: COMMAND"

[stgraber]

test-proc-sys: test-proc-sys: ../src/lxc/parse.c: lxc_file_for_each_line_mmap: 64 Invalid argument - Failed to create memory file

That sounds like a regression :)

[kdrag0n]

Ah, looks like this will need runtime checks for either kernel version or memfd_create's accepted flags...

[mihalicyn]

Hi @kdrag0n

Do you have a plan to update this? May be you need some help from my side with this?

[kdrag0n]

@mihalicyn Would be great if you could help out with checking the flags and adding a runtime switch! If not, I might be able to look at this in a month or two.