tldr: Is there some way to ask IMA not to open (execute) unknown binaries Hi all, I saw some comments on RFC for WhiteEgret LSM. Someone on the same thread said that IMA could be used for whitelisting as well. Based on a couple of hours with IMA, it seems to me that IMA can only stop execution of (altered) binaries whose hash/sign was earlier measured. If a user installs a new (unknown) application, it seems like IMA is going to allow that application to run since IMA can't find any integrity loss since IMA doesn't have any 'good' value against the new application. Is this correct? Or is there some other option to ask IMA not to execute any unknown binary? Kind regards, m3hm00d
