termux-packages/root-packages/runc/memfd.patch

diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go
index 1c034e4e..d77dbf37 100644
--- a/libcontainer/dmz/cloned_binary_linux.go
+++ b/libcontainer/dmz/cloned_binary_linux.go
@@ -52,9 +52,13 @@
 	// stronger F_SEAL_WRITE (and is buggy on Linux <5.5 -- see kernel commit
 	// 05d351102dbe and <https://github.com/opencontainers/runc/pull/4640>).
 
+	// Prior to kernel Linux 5.5 F_SEAL_FUTURE_WRITE has bug which maps memory as shared
+	// between processes even if it is set as private.
+	// https://github.com/torvalds/linux/commit/05d351102dbe4e103d6bdac18b1122cd3cd04925
+	// https://github.com/opencontainers/runc/pull/4641
 	// F_SEAL_EXEC -- Linux 6.3
-	const F_SEAL_EXEC = 0x20 //nolint:revive // this matches the unix.* name
-	_, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, F_SEAL_EXEC)
+	// const F_SEAL_EXEC = 0x20 //nolint:revive // this matches the unix.* name
+	// _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, F_SEAL_EXEC)
 
 	// Apply all original memfd seals.
 	_, err := unix.FcntlInt(fd, unix.F_ADD_SEALS, baseMemfdSeals)