On Tue, Aug 26, 2025 at 08:30:41AM -0400, Theodore Ts'o wrote:
> Is there a single, unified design and requirements document that
> describes the threat model, and what you are trying to achieve with
> AT_EXECVE_CHECK and O_DENY_WRITE? I've been looking at the cover
> letters for AT_EXECVE_CHECK and O_DENY_WRITE, and the documentation
> that has landed for AT_EXECVE_CHECK and it really doesn't describe
> what *are* the checks that AT_EXECVE_CHECK is trying to achieve:
>
>    "The AT_EXECVE_CHECK execveat(2) flag, and the
>    SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE
>    securebits are intended for script interpreters and dynamic linkers
>    to enforce a consistent execution security policy handled by the
>    kernel."