termux-packages/root-packages/runc/memfd.patch

diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go
index 1c034e4e..d77dbf37 100644
--- a/libcontainer/dmz/cloned_binary_linux.go
+++ b/libcontainer/dmz/cloned_binary_linux.go
@@ -47,8 +47,12 @@ func sealMemfd(f **os.File) error {
 	// errors because they are not needed and we want to continue
 	// to work on older kernels.
 	fd := (*f).Fd()
+	// Prior to kernel Linux 5.5 F_SEAL_FUTURE_WRITE has bug which maps memory as shared
+	// between processes even if it is set as private.
+	// https://github.com/torvalds/linux/commit/05d351102dbe4e103d6bdac18b1122cd3cd04925
+	// https://github.com/opencontainers/runc/pull/4641
 	// F_SEAL_FUTURE_WRITE -- Linux 5.1
-	_, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, unix.F_SEAL_FUTURE_WRITE)
+	// _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, unix.F_SEAL_FUTURE_WRITE)
 	// F_SEAL_EXEC -- Linux 6.3
 	const F_SEAL_EXEC = 0x20 //nolint:revive // this matches the unix.* name
 	_, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, F_SEAL_EXEC)