Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC

[PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Mickaël Salaün <mic@digikod.net> · 2020-04-28
[PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property · Mickaël Salaün <mic@digikod.net> · 2020-04-28
Re: [PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property · James Morris <jmorris@namei.org> · 2020-05-01
Re: [PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property · Mickaël Salaün <mic@digikod.net> · 2020-05-01
[PATCH v3 3/5] fs: Enable to enforce noexec mounts or file exec through RESOLVE_MAYEXEC · Mickaël Salaün <mic@digikod.net> · 2020-04-28
Re: [PATCH v3 3/5] fs: Enable to enforce noexec mounts or file exec through RESOLVE_MAYEXEC · James Morris <jmorris@namei.org> · 2020-05-01
Re: [PATCH v3 3/5] fs: Enable to enforce noexec mounts or file exec through RESOLVE_MAYEXEC · Mickaël Salaün <mic@digikod.net> · 2020-05-01
Re: [PATCH v3 3/5] fs: Enable to enforce noexec mounts or file exec through RESOLVE_MAYEXEC · James Morris <jmorris@namei.org> · 2020-05-01
[PATCH v3 5/5] doc: Add documentation for the fs.open_mayexec_enforce sysctl · Mickaël Salaün <mic@digikod.net> · 2020-04-28
[PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2) · Mickaël Salaün <mic@digikod.net> · 2020-04-28
Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2) · James Morris <jmorris@namei.org> · 2020-05-01
Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2) · Mickaël Salaün <mic@digikod.net> · 2020-05-01
[PATCH v3 4/5] selftest/openat2: Add tests for RESOLVE_MAYEXEC enforcing · Mickaël Salaün <mic@digikod.net> · 2020-04-28
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Jann Horn <jannh@google.com> · 2020-04-28
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Aleksa Sarai <hidden> · 2020-04-30
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Christian Brauner <hidden> · 2020-04-30
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Mickaël Salaün <mic@digikod.net> · 2020-04-30
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · Lev R. Oshvang . <hidden> · 2020-04-30
Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC · James Morris <jmorris@namei.org> · 2020-05-01

From: James Morris <jmorris@namei.org>
Date: 2020-05-01 03:55:13
Also in: linux-api, linux-fsdevel, lkml

On Tue, 28 Apr 2020, Mickaël Salaün wrote:

Furthermore, the security policy can also be delegated to an LSM, either
a MAC system or an integrity system.  For instance, the new kernel
MAY_OPENEXEC flag closes a major IMA measurement/appraisal interpreter
integrity gap by bringing the ability to check the use of scripts [1].
Other uses are expected, such as for openat2(2) [2], SGX integration
[3], bpffs [4] or IPE [5].

Confirming that this is a highly desirable feature for the proposed IPE 
LSM.

-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help