+ * @bprm_post_apply_creds:
+ * Runs after bprm_apply_creds with the task_lock dropped, so that
+ * functions which cannot be called safely under the task_lock can
+ * be used. This hook is a good place to perform state changes on
+ * the process such as closing open file descriptors to which access
+ * is no longer granted if the attributes were changed.
+ * Note that a security module might need to save state between
+ * bprm_apply_creds and bprm_post_apply_creds to store the decision
+ * on whether the process may proceed.
+ * @bprm contains the linux_binprm structure.