memfd_secret was introduced in kernel 5.14. For more information, see https://lwn.net/Articles/865256/
According to https://lwn.net/Articles/865256/, "memfd_secret() was disabled by default and a command-line option (secretmem_enable=) was added to enable it at boot time."

$ cat /proc/cmdline
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.15.0-0.rc4.33.fc36.x86_64 root=UUID=6fd107e8-438a-48a2-915e-651e43fb438e ro rootflags=subvol=root rhgb quiet secretmem.enable=y

$ cat memfd_secret.c
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <err.h>
#include <stdio.h>
#include <errno.h>

int main(void){
    int fd;
    int saved_errno;

    printf("memfd_secret demo prog\n");

    /* glibc has no wrapper for memfd_secret(), so call it through syscall(). */
    fd = syscall(SYS_memfd_secret, O_CLOEXEC);
    /* Save errno right away: the printf() calls below may overwrite it. */
    saved_errno = errno;

    printf("fd = %d\n", fd);
    /* errno is only meaningful when fd is -1. */
    printf("errno = %d\n", saved_errno);
    return 0;
}

$ gcc -o test memfd_secret.c
$ ./test
memfd_secret demo prog
fd = 3
errno = 0
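An added example, not part of the original report: it carries the demo one step further by sizing and mapping the secret region, and it separates "memfd_secret is not available" from failures after the fd was obtained. The name secret_roundtrip, the result constants, the sample string and the fallback syscall number 447 (for headers older than 5.14 on x86_64/arm64) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* assumed fallback for pre-5.14 headers */
#endif
enum { SECRET_ERROR = -1, SECRET_UNAVAILABLE = 0, SECRET_OK = 1 };

/* Store a constructed sample secret in a secretmem mapping and read it back.
 * *saved_errno is 0 on success, otherwise the errno of the failing step. */
int secret_roundtrip(int *saved_errno)
{
    static const char sample[] = "constructed-sample-key";
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int rc = SECRET_ERROR;
    *saved_errno = 0;
    int fd = (int)syscall(SYS_memfd_secret, O_CLOEXEC);
    if (fd < 0) {
        /* ENOSYS: kernel older than 5.14, or secretmem not enabled at boot. */
        *saved_errno = errno;
        return SECRET_UNAVAILABLE;
    }
    /* The region starts empty: size it once, then map it MAP_SHARED. */
    if (ftruncate(fd, (off_t)len) == 0) {
        char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (p != MAP_FAILED) {
            memcpy(p, sample, sizeof sample);
            rc = memcmp(p, sample, sizeof sample) == 0 ? SECRET_OK : SECRET_ERROR;
            memset(p, 0, len); /* wipe the secret before unmapping */
            munmap(p, len);
        }
    }
    if (rc == SECRET_ERROR)
        *saved_errno = errno;
    close(fd);
    return rc;
}

int main(void)
{
    int e, rc = secret_roundtrip(&e);
    printf("result = %d, errno = %d (%s)\n", rc, e, e ? strerror(e) : "none");
    return rc == SECRET_ERROR;
}
```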
Fixed in commit 8e4f7ba372b4.