[PATCH v3 3/5] fs: Enable to enforce noexec mounts or file exec through RESOLVE_MAYEXEC
James Morris
jmorris at namei.org
Fri May 1 18:05:53 UTC 2020
On Fri, 1 May 2020, Mickaël Salaün wrote:
>
> However, for fully controlled distros such as CLIP OS, it make sense to
> enforce such restrictions at kernel build time. I can add an alternative
> kernel configuration to enforce a particular policy at boot and disable
> this sysctl.
Sounds good.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list