[PATCH 1/2] ima: add policy support for identifying file execute mode bit

Lakshmi Ramasubramanian nramas at linux.microsoft.com
Wed Apr 29 17:22:36 UTC 2020

On 4/29/20 6:38 AM, Mimi Zohar wrote:

> Extend the IMA policy language with "mode=IXUGO" to identify files with
> the execute mode bit enabled.
> Examples:
> measure func=FILE_CHECK mode=IXUGO
> appraise func=FILE_CHECK appraise_type=imasig mode=IXUGO
> Suggested-by: Steve Grubb <sgrubb at redhat.com> (based on execute mode bit)
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>


More information about the Linux-security-module-archive mailing list