pub fn classify_memfd(name: &str, is_executable: bool) -> bool
Classify whether a memfd_create file is suspicious.
Executable anonymous memory is always suspicious. Empty names and names matching known rootkit patterns are also flagged.
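The following is an added example, not this crate's code: it shows where the two inputs can come from by parsing `/proc/<pid>/maps` lines and then applying the documented rule. `classify_sketch`, `parse_memfd_line`, `suspicious_memfds`, the substring matching, the caller-supplied pattern list and the sample lines are all assumptions made for illustration, as is taking `is_executable` from the mapping's `x` permission bit.

```rust
// Added illustration; not the crate's implementation of classify_memfd.
#[derive(Debug, PartialEq)]
pub struct MemfdMapping { pub name: String, pub is_executable: bool }

/// Parse one /proc/<pid>/maps line; Some(..) only for memfd-backed mappings.
pub fn parse_memfd_line(line: &str) -> Option<MemfdMapping> {
    // Layout: address perms offset dev inode pathname (pathname may hold spaces).
    let mut rest = line;
    let mut fields = [""; 5];
    for f in fields.iter_mut() {
        rest = rest.trim_start();
        let end = rest.find(char::is_whitespace)?;
        *f = &rest[..end];
        rest = &rest[end..];
    }
    // The kernel shows memfd files as "/memfd:<name> (deleted)".
    let name = rest.trim().strip_prefix("/memfd:")?;
    let name = name.strip_suffix(" (deleted)").unwrap_or(name);
    Some(MemfdMapping { name: name.to_string(), is_executable: fields[1].contains('x') })
}

/// Hypothetical stand-in for the documented rule: executable, empty name,
/// or name containing a caller-supplied pattern (substring match is assumed).
pub fn classify_sketch(name: &str, is_executable: bool, patterns: &[&str]) -> bool {
    is_executable || name.is_empty() || patterns.iter().any(|p| name.contains(p))
}

/// Return the memfd mappings in a maps dump that the sketch flags.
pub fn suspicious_memfds(maps: &str, patterns: &[&str]) -> Vec<MemfdMapping> {
    maps.lines()
        .filter_map(parse_memfd_line)
        .filter(|m| classify_sketch(&m.name, m.is_executable, patterns))
        .collect()
}

// Constructed sample input, not captured from a real process.
pub const SAMPLE_MAPS: &str = "\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131090 /usr/bin/cat
7f3a10000000-7f3a10004000 rw-s 00000000 00:01 2049 /memfd:pulseaudio (deleted)
7f3a20000000-7f3a20002000 r-xp 00000000 00:01 2050 /memfd:jit-cache (deleted)
7f3a30000000-7f3a30001000 rw-p 00000000 00:01 2051 /memfd: (deleted)
7f3a40000000-7f3a40001000 rw-p 00000000 00:01 2052 /memfd:placeholder-x (deleted)
";

fn main() {
    println!("{:?}", suspicious_memfds(SAMPLE_MAPS, &["placeholder"]));
}
```

Because executable mappings are always flagged, legitimate JIT runtimes that back code with a memfd will appear in the output and need triage or an allowlist on the caller's side.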