Re: [Linux-ima-devel] [PATCH] IMA: Add support for IMA validation after credentials are committed

[Matthew G. <mj...@go...>]

On Fri, Sep 8, 2017 at 10:43 AM, Matthew Garrett <mj...@go...> wrote:
> It may be desirable to perform appraisal after credentials are
> committed, for instance in the case where validation is only required if
> the binary has transitioned into a privileged security context. Add an
> additional call into IMA in the committed_credentials security hook and
> abort execution if it fails.

Hi,

Any feedback on this?