On Tue, 2019-03-19 at 10:50 +0300, Igor Zhbanov wrote: > Hi Mimi, > > I guess similar to SELinux function: [snip] Remember IMA relies on LSMs for mandatory access control(MAC). IMA measures, audits, and enforces file integrity. > > The structure vm_area_struct has a pointer vm_file pointing to mapped file > so it could be used what file's xattrs to check. That's fine for when there is a file descriptor, but the file descriptor could have been closed. (Refer to the mmap manpage.) Mimi
