> On Apr 3, 2020, at 3:08 PM, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
>
> On Fri, Apr 03, 2020 at 08:50:08AM -0700, Casey Schaufler wrote:
>>> How does smackfs interact with namespaces?
>>
>> Smack attributes are global. Aside from privilege issues, namespaces
>> ignore and are ignored by Smack.
>
> Okay.
>
> For SGX, I foresee things as:
>
> 1. Existing files are global.
> 2. If a policy of any kind is ever added it needs to be *per container*.
>    I'm not sure whether PID or user namespace is the right choice here,
>    but does not matter right now as the feature is not in the queue.
>
> To summarize:
>
> 1. We have a heterogeneous set of files (i.e. 'enclave' and 'provision'
>    are not "different sames").
> 2. The files probably will have heterogeneous visibility requirements.
>
> I think based on these premises its own file system would be a more decent
> choice than populating /dev. Besides, SGX hasn't been a driver for a
> while.
>
> Andy, what do you think of this?

Probably okay. There are two semantic questions you’ll have to address, though:

- What happens if you mount sgxfs twice? Do you get two copies that can diverge from each other, or do you get two views of the same thing?

- Can it be instantiated from outside the root initns?

It’s certainly conceptually simpler to stick with device nodes. Why exactly is Ubuntu noexecing /dev?

>
> /Jarkko