+     * the risk of leaking capabilities outside their original address-space.
+     */
+    if (system_supports_morello() && ((flags & MAP_TYPE) == 0x02 /* MAP_PRIVATE */))

Could we potentially include <uapi/linux/mman.h> instead of
<uapi/asm/mman.h> to get MAP_PRIVATE, or is the header soup too bad for
that?

uapi/linux/mman.h includes asm/mman.h (i.e. this file). Also, uapi/asm/mman.h is needed for BTI and MTE. I think I could move the implementations out of the headers and include everything properly, but they wouldn't be inline anymore...