> +#ifdef HAVE_MEMFD_CLOEXEC
> +# ifdef HAVE_MEMFD_NOEXEC_SEAL
> + fd = memfd_create(description, MFD_CLOEXEC | MFD_NOEXEC_SEAL);
> +# endif /* HAVE_MEMFD_NOEXEC_SEAL */
> + /* memfd_create exists in kernel 3.17 (2014) and glibc 2.27 (2018). */
> + fd = memfd_create(description, MFD_CLOEXEC);
> +#endif /* HAVE_MEMFD_CLOEXEC */
> +
> +#ifdef HAVE_O_TMPFILE
> + fd = open("/dev/shm", O_TMPFILE | O_CLOEXEC | O_RDWR, 0600);
> + fd = open("/tmp", O_TMPFILE | O_CLOEXEC | O_RDWR, 0600);
> +#endif
> +
> +#ifdef HAVE_MKOSTEMP_CLOEXEC
> + fd = mkostemp("libxfsXXXXXX", O_CLOEXEC);
> + if (fd >= 0)
> + goto got_fd;
> +#endif
Is there any point in supporting pre-3.17 kernels here and not
just use memfd_create unconditionally? And then just ifdef on
MFD_NOEXEC_SEAL instead of adding a configure check?
