Re: [PATCH v38 10/24] mm: Add vm_ops->mprotect()

On Thu, Sep 24, 2020 at 01:54:09PM -0700, Dave Hansen wrote:
> On 9/24/20 1:25 PM, Sean Christopherson wrote:
> ...
> >> Why don't we just declare enclave memory as "out of scope for noexec" in
> >> the same way that anonymous memory is, and just discard this patch?
> >> That doesn't seem too much of a stretch.
> > 
> > Because we lose line of sight to LSM support.  Without enforcing "declare perms
> > at load time" in the initial series, we would create an ABI where userspace
> > could load an enclave page with only READ permissions and then map the enclave
> > with whatever permissions it wants, without any convenient way for SGX to call
> > into the LSM.
> 
> This argument holds no water for me.  LSMs are all about taking what
> would otherwise be perfectly acceptable behavior and breaking them in
> the name of security.  They fundamentally break applications that used
> to work just fine and also did totally sane things.

Well, I see that having this gives better assets for a separate
loader. It can load and initialize the enclave and a consumer can
then use it but cannot override its permissions.

I don't even remember exactly how SELinux permissions played together.
I don't think it is required as an argument for this patch.

/Jarkko



