[Zoup]

yeah you are missing --exec there, which feels a bit useless that you have to mention it, but I prefer things explicit and use all LSM can provide, I can imagine cases where --exec isn't really required. like `cat`.

either case have a look at latest release, it's a bit cleaner.

[mikedelfino]

Could you please help me understand why exec is required for this touch example? Is it necessary to actually launch the touch binary? Or touch itself exec()s something else?

[extraduder_ire]

This might be related to needing execute permissions (filesystem x bit) on the directory to modify files within.

[mikedelfino]

Got it. I thought it had to do with execve() syscall.