On Fri, May 31, 2024 at 04:50:16PM +0200, Christian Brauner wrote:
> So then I propose we just make the deny write stuff during exec
> conditional on IMA being active. At the end it's small- vs chicken pox.
>
> (I figure it won't be enough for IMA to read the executable after it has
> been mapped MS_PRIVATE?)

Do you mean MAP_PRIVATE? If so, you have a misapprehension. We can change
the contents of the pagecache after MAP_PRIVATE and that will not cause
COW. COW only occurs if someone writes through a MAP_PRIVATE.
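The pagecache point made in the reply, as an added example that is not part of the thread: a constructed temp file is mapped MAP_PRIVATE, then changed with pwrite(), and the code checks whether the mapping sees the new bytes. Only when the process has already stored through the mapping (the COW) does the old data survive; the file path and function name are assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define MAP_LEN 4096   /* only the first page of the file is touched */
/*
 * Constructed demo, not code from the thread. Map a temp file MAP_PRIVATE,
 * change the file with pwrite(), report whether the mapping observes it.
 *   dirty_mapping_first == 0: mapping only read so far, still backed by the
 *     pagecache page, so the file write shows through it  -> returns 1.
 *   dirty_mapping_first != 0: a store through the mapping already forced the
 *     COW copy, so the later file write does not reach it  -> returns 0.
 * Returns -1 if a syscall fails.
 */
static int private_map_sees_file_write(int dirty_mapping_first)
{
    char path[] = "/tmp/map_private_demo_XXXXXX";  /* assumed writable tmp dir */
    const char orig[] = "ORIGINAL";                 /* content at mmap time */
    const char changed[] = "MODIFIED";              /* later pagecache change */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                                   /* file lives only as long as fd */
    if (write(fd, orig, sizeof orig) != (ssize_t)sizeof orig) {
        close(fd);
        return -1;
    }
    char *map = mmap(NULL, MAP_LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        return -1;
    }
    volatile char first = map[0];   /* read fault: pagecache page mapped read-only */
    (void)first;
    if (dirty_mapping_first)
        map[0] = 'X';               /* write fault through MAP_PRIVATE: this is the COW */
    /* Change the file behind the mapping's back; no COW is involved in this path. */
    int rc = -1;
    if (pwrite(fd, changed, sizeof changed, 0) == (ssize_t)sizeof changed)
        rc = memcmp(map + 1, changed + 1, sizeof changed - 1) == 0;  /* skip byte 0 */
    munmap(map, MAP_LEN);
    close(fd);
    return rc;
}
int main(void)
{
    printf("mapping only read, then file write:    sees change = %d\n", private_map_sees_file_write(0));
    printf("mapping written (COW), then file write: sees change = %d\n", private_map_sees_file_write(1));
    return 0;
}
```

This is why measuring a file once at exec time does not pin down what a still-mapped, never-dirtied page will contain later: the mapping reads whatever the pagecache currently holds.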