diff --git a/glfw/memfd.h b/glfw/memfd.h
new file mode 100644
index 000000000..06686314a
--- /dev/null
+++ b/glfw/memfd.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2018 Kovid Goyal <kovid at kovidgoyal.net>
+ *
+ * Distributed under terms of the GPL3 license.
+ */
+
+#pragma once
+
+#if defined(__linux__)
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <sys/syscall.h>
+static inline int memfd_create(const char *name, unsigned int flags) {
+    return syscall(__NR_memfd_create, name, flags);
+}
+
+#ifndef F_LINUX_SPECIFIC_BASE
+#define F_LINUX_SPECIFIC_BASE 1024
+#endif
+
+#ifndef F_ADD_SEALS
+#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
+#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
+
+#define F_SEAL_SEAL     0x0001  /* prevent further seals from being set */
+#define F_SEAL_SHRINK   0x0002  /* prevent file from shrinking */
+#define F_SEAL_GROW     0x0004  /* prevent file from growing */
+#define F_SEAL_WRITE    0x0008  /* prevent writes */
+#endif
+
+#ifndef MFD_CLOEXEC
+#define MFD_CLOEXEC		0x0001U
+#define MFD_ALLOW_SEALING	0x0002U
+#endif
+
+#else
+
+static inline int
+createTmpfileCloexec(char* tmpname)
+{
+    int fd;
+
+    fd = mkostemp(tmpname, O_CLOEXEC);
+    if (fd >= 0)
+        unlink(tmpname);
+
+    return fd;
+}
+
+#endif
diff --git a/glfw/wl_window.c b/glfw/wl_window.c
index 0fd07dc04..525b3d959 100644
--- a/glfw/wl_window.c
+++ b/glfw/wl_window.c
@@ -28,6 +28,7 @@
 
 #include "internal.h"
 #include "backend_utils.h"
+#include "memfd.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -115,18 +116,6 @@ static const struct wl_shell_surface_listener shellSurfaceListener = {
     handlePopupDone
 };
 
-static int
-createTmpfileCloexec(char* tmpname)
-{
-    int fd;
-
-    fd = mkostemp(tmpname, O_CLOEXEC);
-    if (fd >= 0)
-        unlink(tmpname);
-
-    return fd;
-}
-
 /*
  * Create a new, unique, anonymous file of the given size, and
  * return the file descriptor for it. The file descriptor is set
@@ -150,11 +139,21 @@ createTmpfileCloexec(char* tmpname)
 static int
 createAnonymousFile(off_t size)
 {
+    int ret;
+#if defined(__linux__)
+    int fd = memfd_create("glfw-shared", MFD_CLOEXEC | MFD_ALLOW_SEALING);
+    if (fd < 0) return -1;
+    // We can add this seal before calling posix_fallocate(), as the file
+    // is currently zero-sized anyway.
+    //
+    // There is also no need to check for the return value, we couldn’t do
+    // anything with it anyway.
+    fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL);
+#else
     static const char template[] = "/glfw-shared-XXXXXX";
     const char* path;
     char* name;
     int fd;
-    int ret;
 
     path = getenv("XDG_RUNTIME_DIR");
     if (!path)
@@ -173,6 +172,7 @@ createAnonymousFile(off_t size)
 
     if (fd < 0)
         return -1;
+#endif
     ret = posix_fallocate(fd, 0, size);
     if (ret != 0)
     {