Re: [PATCH v7 7/7] ima: add policy support for the new file open MAY_OPENEXEC flag

On Thu, Jul 23, 2020 at 07:12:27PM +0200, Mickaël Salaün wrote: > From: Mimi Zohar > > The kernel has no way of differentiating between a file containing data > or code being opened by an interpreter. The proposed O_MAYEXEC > openat2(2) flag bridges this gap by defining and enabling the > MAY_OP

[PATCH v7 7/7] ima: add policy support for the new file open MAY_OPENEXEC flag

From: Mimi Zohar The kernel has no way of differentiating between a file containing data or code being opened by an interpreter. The proposed O_MAYEXEC openat2(2) flag bridges this gap by defining and enabling the MAY_OPENEXEC flag. This patch adds IMA policy support for the new MAY_OPENEXEC fl