On Wed, Nov 7, 2018 at 7:07 PM Matthew Bobrowski <mbobrowski@xxxxxxxxxxxxxx> wrote: > > A new event mask FAN_OPEN_EXEC has been defined so that users have the > ability to receive events specifically when a file has been opened with > the intent to be executed. Events of FAN_OPEN_EXEC type will be > generated when a file has been opened using either execve(), execveat() > or uselib() system calls. > > The feature is implemented within fsnotify_open() by generating the > FAN_OPEN_EXEC event type if __FMODE_EXEC is set within file->f_flags. > I think this needs some clarification. In particular: Do current kernels generate some other fanotify on execve or do they generate no event at all? What is the intended use case? What semantics do you provide for the opening of the ELF loader? Are those semantics useful? How are users of this mechanism expected to handle DSOs? --Andy
