> Patch looks mostly good. Why do you use ~PROT_WRITE instead of PROT_READ|PROT_EXEC as in your example?

Because I'm not sure that PROT_EXEC is supported by all platforms. See
http://pubs.opengroup.org/onlinepubs/007908799/xsh/mmap.html :
"The implementation will support at least the following values of
prot: PROT_NONE, PROT_READ, PROT_WRITE, and the inclusive OR of
PROT_READ and PROT_WRITE."
If PROT_EXEC is defined but unsupported, it's likely to be defined as
0, so passing PROT_READ|PROT_EXEC will just pass PROT_READ (which is
catched by the current version), whereas with ~PROT_WRITE we're sure
that the PROT_WRITE bit won't be set.

> (I'm unsure whether a POSIX implementation could refuse such a value)

Me neither. I'd guess that the syscall just performs bitwise AND to
check the bits that are set, but you never know :-)
Maybe we could try this and see if a builbot complains ?