On Tue, Jun 11, 2024 at 9:10 AM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > On 2024/06/11 5:44, Paul Moore wrote: > >> diff --git a/fs/exec.c b/fs/exec.c > >> index 40073142288f..7ec13b104960 100644 > >> --- a/fs/exec.c > >> +++ b/fs/exec.c > >> @@ -1532,6 +1532,7 @@ static void do_close_execat(struct file *file) > >> > >> static void free_bprm(struct linux_binprm *bprm) > >> { > >> + security_bprm_free(bprm); > >> if (bprm->mm) { > >> acct_arg_size(bprm, 0); > >> mmput(bprm->mm); > >> > > > > Tetsuo, it's been a while since we've heard from you in this thread - > > are you still planning to work on this? If not, would you object if > > someone else took over this patchset? > > You are going to merge static call patches first (though I call it a regression), > aren't you? That is the plan, although we need another revision as the latest draft has a randstruct casting problem. > For me, reviving dynamically appendable hooks (which is about to be > killed by static call patches) has the higher priority than adding > security_bprm_free() hook. Unfortunately, dynamic hooks do not appear to be something we are going to support, at least in the near term. With that understanding, do you expect to be able to work on the security_bprm_free() hook patchset? -- paul-moore.com