Index: lib/libc/sys/Makefile.inc
===================================================================
--- lib/libc/sys/Makefile.inc
+++ lib/libc/sys/Makefile.inc
@@ -234,6 +234,7 @@
 	listen.2 \
 	lseek.2 \
 	madvise.2 \
+	memfd_create.2 \
 	mincore.2 \
 	minherit.2 \
 	mkdir.2 \
Index: lib/libc/sys/memfd_create.2
===================================================================
--- /dev/null
+++ lib/libc/sys/memfd_create.2
@@ -0,0 +1,107 @@
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright (c) 2019 Kyle Evans <kevans@FreeBSD.org>
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 24, 2019
+.Dt MEMFD_CREATE 2
+.Os
+.Sh NAME
+.Nm memfd_create
+.Nd Create anonymous shared memory object
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/mman.h
+.Ft int
+.Fo memfd_create
+.Fa "const char *name"
+.Fa "unsigned int flags"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn memfd_create
+system call
+creates an anonymous shared memory object, identical to that created by
+.Xr shm_open 2
+when
+.Dv SHM_ANON
+is specified.
+Newly created objects start off with a size of zero.
+The size of the object can be adjusted via
+.Xr ftruncate 2 .
+.Pp
+The
+.Fa name
+argument is currently unused.
+The following
+.Fa flags
+may be specified:
+.Bl -tag -width MFD_ALLOW_SEALING
+.It Dv MFD_CLOEXEC
+Set
+.Dv FD_CLOEXEC
+on the resulting file descriptor.
+.It Dv MFD_ALLOW_SEALING
+Allow adding seals to the resulting file descriptor using the
+.Dv F_ADD_SEALS
+.Xr fcntl 2 .
+.It Dv MFD_HUGETLB
+This flag is currently unsupported.
+.El
+.Sh RETURN VALUES
+If successful,
+.Fn memfd_create
+returns the file descriptor for the opened file; otherwise the value \-1 is
+returned and the global variable
+.Va errno
+is set to indicate the error.
+.Fn memfd_
+.Sh ERRORS
+In addition to the errors returned by
+.Xr shm_open 2 ,
+.Fn memfd_create
+will return
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Any flags not listed above were specified.
+.It Bq Er ENOSYS
+.Dv MFD_HUGETLB
+has been specified, and this system does not support forced hugetlb mappings.
+.El
+.Sh SEE ALSO
+.Xr fcntl 2 ,
+.Xr ftruncate 2 ,
+.Xr shm_open 2
+.Sh STANDARDS
+The
+.Fn memfd_create
+system call is expected to be compatible with the Linux system call of
+the same name.
+.Sh HISTORY
+The
+.Fn memfd_create
+function appeared in
+.Fx 13.0 .
Index: sys/compat/freebsd32/syscalls.master
===================================================================
--- sys/compat/freebsd32/syscalls.master
+++ sys/compat/freebsd32/syscalls.master
@@ -1150,5 +1150,6 @@
 569	AUE_NULL	NOPROTO	{ ssize_t copy_file_range(int infd, \
 				    off_t *inoffp, int outfd, off_t *outoffp, \
 				    size_t len, unsigned int flags); }
+570	AUE_NULL	NOPROTO	{ int memfd_create(const char *path, int flags); }
 
 ; vim: syntax=off
Index: sys/conf/files
===================================================================
--- sys/conf/files
+++ sys/conf/files
@@ -3843,6 +3843,7 @@
 kern/sys_capability.c		standard
 kern/sys_generic.c		standard
 kern/sys_getrandom.c		standard
+kern/sys_memfd.c		standard
 kern/sys_pipe.c			standard
 kern/sys_procdesc.c		standard
 kern/sys_process.c		standard
Index: sys/kern/capabilities.conf
===================================================================
--- sys/kern/capabilities.conf
+++ sys/kern/capabilities.conf
@@ -409,6 +409,15 @@
 ## Allow simple VM operations on the current process.
 ##
 madvise
+
+##
+## Creates only anonymous objects via shm_open.
+##
+memfd_create
+
+##
+## Allow simple VM operations on the current process.
+##
 mincore
 minherit
 mlock
Index: sys/kern/sys_memfd.c
===================================================================
--- /dev/null
+++ sys/kern/sys_memfd.c
@@ -0,0 +1,77 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2019 Kyle Evans <kevans@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/capsicum.h>
+#include <sys/param.h>
+#include <sys/fcntl.h>
+#include <sys/filedesc.h>
+#include <sys/malloc.h>
+#include <sys/mman.h>
+#include <sys/proc.h>
+#include <sys/syscallsubr.h>
+#include <sys/sysproto.h>
+
+int kern_memfd_create(struct thread *td, const char *name, int flags);
+
+int
+kern_memfd_create(struct thread *td, const char *name, int flags)
+{
+	struct file *fp;
+	int err, shmflags;
+
+	if ((flags & ~(MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB |
+	    MFD_HUGE_FLAGS)) != 0)
+		return (EINVAL);
+	/* This implementation doesn't currently support HUGETLB */
+	if ((flags & MFD_HUGETLB) != 0)
+		return (ENOSYS);
+	shmflags = O_RDWR;
+	if ((flags & MFD_CLOEXEC) != 0)
+		shmflags |= O_CLOEXEC;
+	err = kern_shm_open(td, SHM_ANON, shmflags, 0, NULL, &fp);
+	/*
+	 * Just need to additionally set FSEALABLE as needed.  We can't handle
+	 * this in kern_shm_open() because FSEALABLE shares a bit with O_TRUNC,
+	 * because it's unused after the initial open call.
+	 */
+	if (err == 0 && (flags & MFD_ALLOW_SEALING) != 0)
+		fp->f_flag |= FSEALABLE;
+
+	fdrop(fp, td);
+	return (err);
+}
+
+int
+sys_memfd_create(struct thread *td, struct memfd_create_args *uap)
+{
+
+	return (kern_memfd_create(td, uap->path, uap->flags));
+}
Index: sys/kern/syscalls.master
===================================================================
--- sys/kern/syscalls.master
+++ sys/kern/syscalls.master
@@ -3185,6 +3185,12 @@
 		    unsigned int flags
 		);
 	}
+570	AUE_NULL	STD {
+		int memfd_create(
+		    _In_z_ const char *path,
+		    unsigned int flags
+		);
+	}
 
 ; Please copy any additions and changes to the following compatability tables:
 ; sys/compat/freebsd32/syscalls.master
Index: sys/sys/mman.h
===================================================================
--- sys/sys/mman.h
+++ sys/sys/mman.h
@@ -176,6 +176,36 @@
  * Anonymous object constant for shm_open().
  */
 #define	SHM_ANON		((char *)1)
+
+/*
+ * Flags for memfd_create()
+ */
+#define	MFD_CLOEXEC			0x00000001
+#define	MFD_ALLOW_SEALING		0x00000002
+
+/* UNSUPPORTED */
+#define	MFD_HUGETLB			0x00000004
+
+#define	MFD_HUGE_SHIFT			26
+#define	MFD_HUGE_64KB			(16 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_512KB			(19 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_1MB			(20 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_2MB			(21 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_8MB			(23 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_16MB			(24 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_32MB			(25 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_256MB			(28 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_512MB			(29 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_1GB			(30 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_2GB			(31 << MFD_HUGE_SHIFT)
+#define	MFD_HUGE_16GB			(34 << MFD_HUGE_SHIFT)
+
+/* memfd_create(2) interfaces checks this for validity of flags */
+#define	MFD_HUGE_FLAGS							\
+    (MFD_HUGE_64KB | MFD_HUGE_512KB | MFD_HUGE_1MB | MFD_HUGE_2MB |	\
+    MFD_HUGE_8MB | MFD_HUGE_16MB | MFD_HUGE_32MB | MFD_HUGE_256MB |	\
+    MFD_HUGE_512MB | MFD_HUGE_1GB | MFD_HUGE_2GB | MFD_HUGE_16GB)
+
 #endif /* __BSD_VISIBLE */
 
 /*
@@ -283,6 +313,9 @@
 int	shm_open(const char *, int, mode_t);
 int	shm_unlink(const char *);
 #endif
+#if __BSD_VISIBLE
+int	memfd_create(const char *, unsigned int);
+#endif
 __END_DECLS
 
 #endif /* !_KERNEL */