Systemd has bug

You are mixing up things: we are not making use of the executable fd so far much, because we don't actually use execveat() unless you set ENABLE_FEXECVE macro, which nobody does. The code to use this was added a while back, in hopeful preparation that some day we could use execveat() properly, but that future never came, so nothing else was moved over to using only the executable fd, because that would be dead code.

It's like arguing: we don't need washing machines, because everyone washes their clothes by hand. Of course they do, if they have no washing machine!

In systemd we are moving the codebase bit by bit over to reference things by fds rather than by paths, i.e. for new stuff we generally only use O_PATH, openat() and friends. For old code we port things over, but we'll never be able to do that properly for execveat(), since it's so unusable right now.

I am not going to comment on the SMACK stuff, it's contributed code by SMACK folks, I have no comprehensive understanding of that.

Lennart