From: Mimi Zohar
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar, Mickael Salaun, Steve Grubb, Jann Horn, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 0/2] ima: extending IMA policy to support interpreters
Date: Wed, 29 Apr 2020 09:38:41 -0400
Message-Id: <1588167523-7866-1-git-send-email-zohar@linux.ibm.com>

On file open, the kernel has no way of differentiating between files
containing data and those with code that will be executed. Only the
interpreter knows how the file will be used.

To bridge this gap, this patch set extends the IMA policy language:

- to identify files with the executable mode bit set
- to support the new file open flag MAY_OPENEXEC introduced by Mickael
  Salaun's "[PATCH v3 0/5] Add support for RESOLVE_MAYEXEC" patch set.

Mimi

Mimi Zohar (2):
  ima: add policy support for identifying file execute mode bit
  ima: add policy support for the new file open MAY_OPENEXEC flag

 Documentation/ABI/testing/ima_policy |  7 ++++---
 security/integrity/ima/ima_main.c    |  3 ++-
 security/integrity/ima/ima_policy.c  | 33 +++++++++++++++++++++++++++------
 3 files changed, 33 insertions(+), 10 deletions(-)

-- 
2.7.5