We are using SRM builds (without enabling any security feature/McAfee solidification features). One of the scripts (shell/python) to be modified and test the functionality but if we modify, these scripts are not getting executed. Only if we rebuild the image and install, then only working.
it is the IMA (Integrity Measurement Architecture) that prevents the execution of the modified and therefore not correctly signed scripts.
Normally the binaries (executables, scripts) get IMA signed during the host build. If you change the binary content or its metadata (e.g. location of the binary) on the target, you can also sign it on the target.
You can sign the binary on the target with the evmctl command for example: