On Wed, Nov 18, 2020 at 11:37:55PM +0200, Jarkko Sakkinen wrote:
> Just checking that I got this right: you want me to port my anon inode
> changes from March to be applied on top of tip and send them?
Well, we need to somehow address the issue when some distros map /dev
noexec and that is conflicting with SGX due to it needing to mmap with
executable permissions but /dev/sgx_enclave is noexec...
I guess the first thing that needs figuring out is why are some distros
mounting /dev noexec.
I mean, you can always do the easiest thing: somewhere in the SGX
docs say that one of the steps towards running SGX enclaves on such
distros is for the admin to map /dev exec. However, does that have other
security implications which would make such exec mounting a security
hazard?
If so, then the SGX code would need changing...
Questions like those.
HTH.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
