On 16/07/2020 16:59, Randy Dunlap wrote:
> On 7/16/20 7:40 AM, Mickaël Salaün wrote:
>>
>> On 15/07/2020 22:40, Kees Cook wrote:
>>> On Tue, Jul 14, 2020 at 08:16:38PM +0200, Mickaël Salaün wrote:
>>>> From: Mimi Zohar <zohar@xxxxxxxxxxxxx>
>>>>
>>>> The kernel has no way of differentiating between a file containing data
>>>> or code being opened by an interpreter. The proposed O_MAYEXEC
>>>> openat2(2) flag bridges this gap by defining and enabling the
>>>> MAY_OPENEXEC flag.
>>>>
>>>> This patch adds IMA policy support for the new MAY_OPENEXEC flag.
>>>>
>>>> Example:
>>>> measure func=FILE_CHECK mask=^MAY_OPENEXEC
>>>> appraise func=FILE_CHECK appraise_type=imasig mask=^MAY_OPENEXEC
>>>>
>>>> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
>>>> Reviewed-by: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>
>>>> Acked-by: Mickaël Salaün <mic@xxxxxxxxxxx>
>>>
>>> (Process nit: if you're sending this on behalf of another author, then
>>> this should be Signed-off-by rather than Acked-by.)
>>
>> I'm not a co-author of this patch.
>>
>
> from Documentation/process/submitting-patches.rst:
>
> The Signed-off-by: tag indicates that the signer was involved in the
> development of the patch, or that he/she was in the patch's delivery path.
>                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

OK, I thought such a tag had to go along with the From/Author, the
Committer or a Co-developed-by tag, but there is also this specific case.
I'll fix that in the next series.