On Mon, Oct 14, 2024 at 09:39:52AM +0200, Mickaël Salaün wrote: > On Sat, Oct 12, 2024 at 10:04:16PM -0500, Serge E. Hallyn wrote: > > On Fri, Oct 11, 2024 at 08:44:17PM +0200, Mickaël Salaün wrote: > > > Add a new AT_CHECK flag to execveat(2) to check if a file would be > > > > Apologies for both bikeshedding and missing earlier discussions. > > > > But AT_CHECK sounds quite generic. How about AT_EXEC_CHECK, or > > AT_CHECK_EXEC_CREDS? (I would suggest just AT_CHECK_CREDS since > > it's for use in execveat(2), but as it's an AT_ flag, it's > > probably worth being more precise). > > As Amir pointed out, we need at least to use the AT_EXECVE_CHECK_ > prefix, and I agree with the AT_EXECVE_CHECK name because it's about > checking the whole execve request, not sepcifically a "creds" part. Well, not the whole. You are explicitly not checking the validity of the files. But ok. With that, Reviewed-by: Serge Hallyn <sergeh@xxxxxxxxxx> thanks, -serge
