[PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
jmorris at namei.org
Fri May 1 03:53:50 UTC 2020
On Tue, 28 Apr 2020, Mickaël Salaün wrote:
> Furthermore, the security policy can also be delegated to an LSM, either
> a MAC system or an integrity system. For instance, the new kernel
> MAY_OPENEXEC flag closes a major IMA measurement/appraisal interpreter
> integrity gap by bringing the ability to check the use of scripts .
> Other uses are expected, such as for openat2(2) , SGX integration
> , bpffs  or IPE .
Confirming that this is a highly desirable feature for the proposed IPE
<jmorris at namei.org>
More information about the Linux-security-module-archive