On Tue, Mar 31, 2020 at 4:44 AM Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
>
> When creating an enclave, attach it to an anonymous file. This prepares the
> code to have a separate interface at runtime, which can be published to the
> user space after the enclave has been fully initialized.

This isn't an objection per se, but I can't shake the feeling that this
seems ridiculous. This changes the type of object returned by open()
because, without this change, the old type was problematic.

So I have some questions:

- Can sgx just ignore the fs noexec option on the chardev inode's fs
  instead?

- Would SELinux users *want* to put a useful label on the inode? If so,
  can they still accomplish whatever they were trying to accomplish with
  this patch applied?

--Andy