* Matthew Wilcox: > On Wed, Dec 12, 2018 at 09:17:07AM +0100, Mickaël Salaün wrote: >> The goal of this patch series is to control script interpretation. A >> new O_MAYEXEC flag used by sys_open() is added to enable userland script >> interpreter to delegate to the kernel (and thus the system security >> policy) the permission to interpret scripts or other files containing >> what can be seen as commands. > > I don't have a problem with the concept, but we're running low on O_ bits. > Does this have to be done before the process gets a file descriptor, > or could we have a new syscall? Since we're going to be changing the > interpreters anyway, it doesn't seem like too much of an imposition to > ask them to use: > > int verify_for_exec(int fd) > > instead of adding an O_MAYEXEC. Will this work for auditing? Maybe add an interface which explicitly upgrades O_PATH descriptors, and give that a separate flag argument? I suppose that would be more friendly to auditing. Thanks, Florian
