Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
From: Kevin Locke <hidden>
Date: 2024-01-24 19:39:46
Also in:
linux-fsdevel, linux-hardening, linux-mm, lkml
On Wed, 2024-01-24 at 11:22 -0800, Kees Cook wrote:
> After commit 978ffcbf00d8 ("execve: open the executable file before
> doing anything else"), current->in_execve was no longer in sync with the
> open(). This broke AppArmor and TOMOYO which depend on this flag to
> distinguish "open" operations from being "exec" operations.
>
> Instead of moving around in_execve, switch to using __FMODE_EXEC, which
> is where the "is this an exec?" intent is stored. Note that TOMOYO still
> uses in_execve around cred handling.

It solves the AppArmor issue I was experiencing and I don't notice any
other issues.

Tested-by: Kevin Locke <redacted>

Thanks!
Kevin