Re: [RFC PATCH v3 00/12] security: x86/sgx: SGX vs. LSM, round 3


 



On 6/18/19 9:55 AM, Sean Christopherson wrote:
> On Tue, Jun 18, 2019 at 09:38:19AM -0400, Stephen Smalley wrote:
>> On 6/17/19 6:24 PM, Sean Christopherson wrote:
>>> My original plan was for my next RFC to be an implementation of Andy's
>>> proposed "dynamic tracking" model.  I actually finished the tracking
>>> portion, but was completely flummoxed by the auditing[1].  Since Cedric's
>>> RFC is essentially a variation of the dynamic tracking model, it too has
>>> the same auditing complexities.  End result, I ended back at the "make
>>> userspace state its intentions" approach.
>>>
>>> Except for patch 12 (see below), the SGX changes have been fully tested,
>>> including updating the kernel's selftest as well as my own fork of (an old
>>> version of) Intel's SDK to use the new UAPI.  The LSM changes have been
>>> smoke tested, but I haven't actually configured AppArmor or SELinux to
>>> verify the permissions work as intended.
>>
>> Was dropping linux-security-module and selinux lists intentional for this
>> RFC? Not recommended.
>
> Yes, my thought was to keep the noise to the sgx list until we at least
> agree on a direction for the SGX UAPI.  I am fully expecting that whatever
> LSM and SELinux patches we end up with will go through a lot more scrutiny
> when Jarkko sends them with his SGX series.
>
> Anyways, would you like me to resend the series to Cc the aforementioned
> lists?

I guess it depends on how soon you plan to spin another version. If soon, then you can wait on the next round. But I wouldn't wait until everything else is fully baked because the LSM discussion might chase out issues that require changes elsewhere.


>> Is the entire series aside from patch 12 available in a public tree
>> somewhere?
>
> I pushed tag 'sgx-lsm-v3' to https://github.com/sean-jc/linux.git.

Ultimately we'll want additions to the selinux-testsuite that exercise each
of the new permissions, both a permission denied scenario and a permission
allowed scenario.



