Re: [PATCH 1/2] ima: add policy support for identifying file execute mode bit

From: Lakshmi Ramasubramanian
Date: Wed Apr 29 2020 - 13:22:39 EST

Next message: Lakshmi Ramasubramanian: "Re: [PATCH 2/2] ima: add policy support for the new file open MAY_OPENEXEC flag"
Previous message: Eugeniy Paltsev: "Re: [PATCH] ARC: guard dsp early init against non ARCv2"
In reply to: Mimi Zohar: "[PATCH 1/2] ima: add policy support for identifying file execute mode bit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/29/20 6:38 AM, Mimi Zohar wrote:

Extend the IMA policy language with "mode=IXUGO" to identify files with
the execute mode bit enabled.

Examples:
measure func=FILE_CHECK mode=IXUGO
appraise func=FILE_CHECK appraise_type=imasig mode=IXUGO

Suggested-by: Steve Grubb <sgrubb@xxxxxxxxxx> (based on execute mode bit)
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Reviewed.

Next message: Lakshmi Ramasubramanian: "Re: [PATCH 2/2] ima: add policy support for the new file open MAY_OPENEXEC flag"
Previous message: Eugeniy Paltsev: "Re: [PATCH] ARC: guard dsp early init against non ARCv2"
In reply to: Mimi Zohar: "[PATCH 1/2] ima: add policy support for identifying file execute mode bit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]