pentacle is a library for executing programs as sealed anonymous files on Linux, using memfd_create(2)
.
This is useful for executing programs that execute untrusted programs with root permissions, or ensuring a cryptographically-verified program is not tampered with after verification but before execution.
This library is based on runc's cloned_binary.c.