[PATCH v3 0/5] Add support for RESOLVE_MAYEXEC

James Morris jmorris at namei.org
Fri May 1 03:53:50 UTC 2020

On Tue, 28 Apr 2020, Mickaël Salaün wrote:

> Furthermore, the security policy can also be delegated to an LSM, either
> a MAC system or an integrity system.  For instance, the new kernel
> MAY_OPENEXEC flag closes a major IMA measurement/appraisal interpreter
> integrity gap by bringing the ability to check the use of scripts [1].
> Other uses are expected, such as for openat2(2) [2], SGX integration
> [3], bpffs [4] or IPE [5].

Confirming that this is a highly desirable feature for the proposed IPE 

James Morris
<jmorris at namei.org>

More information about the Linux-security-module-archive mailing list