> On Nov 18, 2020, at 1:54 PM, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> On Wed, Nov 18, 2020 at 11:37:55PM +0200, Jarkko Sakkinen wrote:
>> Just checking that I got this right: you want me to port my anon inode
>> changes from March to be applied on top of tip and send them?
>
> Well, we need to somehow address the issue when some distros map /dev
> noexec and that is conflicting with SGX due to it needing to mmap with
> executable permissions but /dev/sgx_enclave is noexec...
>
> I guess the first thing that needs figuring out is why are some distros
> mounting /dev noexec.
>
> I mean, you can always do the easiest thing: somewhere in the SGX
> docs say that one of the steps towards running SGX enclaves on such
> distros is for the admin to map /dev exec. However, does that have other
> security implications which would make such exec mounting a security
> hazard?
>
> If so, then the SGX code would need changing...
>
> Questions like those.

I thought we had determined that this was solvable entirely in userspace. Udev can handle this, no?

>
> HTH.
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
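The condition discussed in this thread can be checked from userspace by finding the mount that holds the device node and looking for `noexec` in its options. The following is an added example, not code from the thread or from the SGX patches; the function names are hypothetical and the mount table is a constructed sample in `/proc/self/mounts` format.

```python
import re

# Constructed sample in /proc/self/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime,size=8123456k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return (mount_point, fstype, options) tuples in file order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        entries.append((_unescape(parts[1]), parts[2], set(parts[3].split(","))))
    return entries

def governing_mount(path, entries):
    """Longest mount point that is a path prefix; later entries win ties
    because a newer mount on the same directory hides the older one."""
    best = None
    for entry in entries:
        mp = entry[0].rstrip("/") or "/"
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        if covers and (best is None or len(mp) >= len(best[0].rstrip("/") or "/")):
            best = entry
    return best

def exec_mmap_blocked(path, mounts_text):
    """True when the mount holding `path` carries noexec, in which case
    mmap() with PROT_EXEC on a file there fails with EPERM."""
    entry = governing_mount(path, parse_mounts(mounts_text))
    if entry is None:
        raise ValueError("no mount covers " + path)
    return "noexec" in entry[2]

if __name__ == "__main__":
    for node in ("/dev/sgx_enclave", "/usr/bin/true"):
        print(node, "noexec" if exec_mmap_blocked(node, SAMPLE_MOUNTS) else "exec")
```

On a live system, pass the contents of `/proc/self/mounts` instead of the sample to see the options of the mount namespace the calling process actually runs in.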