[PATCH 1/2] ima: add policy support for identifying file execute mode bit
Lakshmi Ramasubramanian
nramas at linux.microsoft.com
Wed Apr 29 17:22:36 UTC 2020
On 4/29/20 6:38 AM, Mimi Zohar wrote:
> Extend the IMA policy language with "mode=IXUGO" to identify files with
> the execute mode bit enabled.
>
> Examples:
> measure func=FILE_CHECK mode=IXUGO
> appraise func=FILE_CHECK appraise_type=imasig mode=IXUGO
>
> Suggested-by: Steve Grubb <sgrubb at redhat.com> (based on execute mode bit)
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
Reviewed.
More information about the Linux-security-module-archive
mailing list