/proc/PID/map_files are protected by the global CAP_SYS_ADMIN, so we
need to avoid using them to support user namespaces.

We are going to use memfd_create() to get the first file descriptor and
then all others processes will able to open it via /proc/PID/fd/X.

In this patch memfd_create() is used to get a file descriptor, which is
associated with a shared memory region.

If memfd_create() isn't supported, the old scheme will be used.

v2: don't set a name for memfd. It isn't required.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>