On 2019-07-10 08:49, Sean Christopherson wrote:
> On Sun, Jul 07, 2019 at 04:41:34PM -0700, Cedric Xing wrote:
>> selinux_enclave_init() determines if an enclave is allowed to launch, using the criteria described earlier. This implementation does NOT accept SIGSTRUCT in anonymous memory. The backing file is also cached in struct file_security_struct and will serve as the base for decisions for anonymous pages.
>
> Did we ever reach a consensus on whether sigstruct must reside in a file?

This would be inconvenient for me, but I guess I can create a memfd?

--
Jethro Beekman | Fortanix