[GIT PULL] IPE update for 6.19
Fan Wu
wufan at kernel.org
Wed Dec 3 04:01:24 UTC 2025
Hi Linus,
Please merge this PR for the IPE (Integrity Policy Enforcement) update for 6.19.
This PR contains three commits. The primary change is the addition of
support for the AT_EXECVE_CHECK flag. This allows interpreters to
signal the kernel to perform IPE security checks on script files
before execution, extending IPE enforcement to indirectly executed
scripts.
These commits have been tested for several weeks in linux-next without
any issues.
Thanks,
Fan
--
The following changes since commit 7d0a66e4bb9081d75c82ec4957c50034cb0ea449:
Linux 6.18 (2025-11-30 14:42:10 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/wufan/ipe.git tags/ipe-pr-20251202
for you to fetch changes up to d7ba853c0e47d57805181f5269ba250270d2adde:
ipe: Update documentation for script enforcement (2025-12-02 19:37:10 -0800)
----------------------------------------------------------------
ipe/stable-6.19 PR 20251202
----------------------------------------------------------------
Borislav Petkov (AMD) (1):
ipe: Drop a duplicated CONFIG_ prefix in the ifdeffery
Yanzhu Huang (2):
ipe: Add AT_EXECVE_CHECK support for script enforcement
ipe: Update documentation for script enforcement
Documentation/admin-guide/LSM/ipe.rst | 17 ++++++++++++++---
security/ipe/audit.c | 1 +
security/ipe/hooks.c | 29 ++++++++++++++++++++++++++++-
security/ipe/hooks.h | 3 +++
security/ipe/ipe.c | 1 +
5 files changed, 47 insertions(+), 4 deletions(-)
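
An added example, not code from this pull request or from the IPE tree: a minimal sketch of the interpreter side of the mechanism the message describes, where a script's file descriptor is passed to execveat(2) with AT_EXECVE_CHECK so the kernel (and LSMs such as IPE) can evaluate it without executing anything. The helper names, the verdict enum and the fail-closed policy are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000 /* uapi value; missing from older libc headers */
#endif

enum verdict { SCRIPT_ALLOWED, SCRIPT_DENIED, CHECK_UNSUPPORTED, CHECK_ERROR };

/* Hypothetical helper: map the execveat() result to an interpreter decision. */
static enum verdict classify(long rc, int err)
{
    if (rc == 0)
        return SCRIPT_ALLOWED;        /* check passed, nothing was executed */
    if (err == EACCES || err == EPERM)
        return SCRIPT_DENIED;         /* permissions or an LSM policy said no */
    if (err == EINVAL || err == ENOSYS)
        return CHECK_UNSUPPORTED;     /* most likely a kernel without the flag */
    return CHECK_ERROR;               /* EBADF, ENOEXEC, ... */
}

/* Ask the kernel whether the already-opened script would be allowed to run. */
static enum verdict check_script_fd(int fd)
{
    static char *const argv[] = { "script-check", NULL };
    static char *const envp[] = { NULL };
    long rc = syscall(SYS_execveat, fd, "", argv, envp,
                      AT_EMPTY_PATH | AT_EXECVE_CHECK);
    return classify(rc, errno);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s SCRIPT\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY | O_CLOEXEC);
    if (fd < 0) { perror("open"); return 2; }
    enum verdict v = check_script_fd(fd);
    if (v != SCRIPT_ALLOWED) {        /* fail closed: this example's policy */
        fprintf(stderr, "refusing to interpret %s (verdict %d)\n", argv[1], v);
        close(fd);
        return 1;
    }
    /* An interpreter would now read the script from this same fd, so the
       file that was checked is the file that is interpreted. */
    close(fd);
    return 0;
}
```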