How to obtain a sealing capability on Morello Linux purecap?

My understanding is that to seal a capability I require a sealer cap which has an address that fits into the object ID of the capability to be sealed, i.e. its address is < 64KBytes.

How to obtain a suitable capability on Linux purecap?  Is there a new system call available to get one?

I am temporarily using DDC, and this works, e.g. something like this:

void* __capability sealed_cap = cheri_seal(ptr_to_seal, (uint8_t*)cheri_ddc_get() + (ptrdiff_t)0x1234);

But obviously I need a proper sealing capability; mmap() / malloc() are likely to give something with a lower bound too high. I suppose I could reduce the bounds of DDC but this sounds like a hack.

Please advise how it is supposed to be done!