On Sat, Nov 30, 2024 at 04:55:09PM +1100, Aleksa Sarai wrote:
> On 2024-11-29, Kees Cook <kees@xxxxxxxxxx> wrote:
> > Zbigniew mentioned at Linux Plumber's that systemd is interested in
> > switching to execveat() for service execution, but can't, because the
> > contents of /proc/pid/comm are the file descriptor which was used,
> > instead of the path to the binary. This makes the output of tools like
> > top and ps useless, especially in a world where most fds are opened
> > CLOEXEC so the number is truly meaningless.
> >
> > When the filename passed in is empty (e.g. with AT_EMPTY_PATH), use the
> > dentry's filename for "comm" instead of using the useless numeral from
> > the synthetic fdpath construction. This way the actual exec machinery
> > is unchanged, but cosmetically the comm looks reasonable to admins
> > investigating things.
> >
> > Instead of adding TASK_COMM_LEN more bytes to bprm, use one of the unused
> > flag bits to indicate that we need to set "comm" from the dentry.
>
> Looks reasonable to me, feel free to take my
>
> Reviewed-by: Aleksa Sarai <cyphar@xxxxxxxxxx>

Thank you for making another version of the patch.
I tested this with systemd compiled to use fexecve and everything seems to
work as expected (the filename in /proc//comm).

Zbyszek