Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Fri, 17 May 2019 14:16:11 -0400
Cc: "Xing, Cedric" <cedric.xing@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Paul Moore <paul@xxxxxxxxxxxxxx>, Eric Paris <eparis@xxxxxxxxxxxxxx>, "selinux@xxxxxxxxxxxxxxx" <selinux@xxxxxxxxxxxxxxx>, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>, Jethro Beekman <jethro@xxxxxxxxxxxx>, "Hansen, Dave" <dave.hansen@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, "Dr. Greg" <greg@xxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "linux-sgx@xxxxxxxxxxxxxxx" <linux-sgx@xxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "nhorman@xxxxxxxxxx" <nhorman@xxxxxxxxxx>, "npmccallum@xxxxxxxxxx" <npmccallum@xxxxxxxxxx>, "Ayoun, Serge" <serge.ayoun@xxxxxxxxx>, "Katz-zamir, Shay" <shay.katz-zamir@xxxxxxxxx>, "Huang, Haitao" <haitao.huang@xxxxxxxxx>, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, "Svahn, Kai" <kai.svahn@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Huang, Kai" <kai.huang@xxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>
In-reply-to: <20190517175036.GD15006@linux.intel.com>
References: <CALCETrX2ovRx3Rre+1_xC-q6CiybyLjQ-gmB4FZF_qCZ-Qd+4A@mail.gmail.com> <960B34DE67B9E140824F1DCDEC400C0F654E38CD@ORSMSX116.amr.corp.intel.com> <CALCETrUfmyQ7ivNzQic0FyPXe1fmAnoK093jnz0i8DRn2LvdSA@mail.gmail.com> <960B34DE67B9E140824F1DCDEC400C0F654E3FB9@ORSMSX116.amr.corp.intel.com> <6a97c099-2f42-672e-a258-95bc09152363@tycho.nsa.gov> <20190517150948.GA15632@linux.intel.com> <ca807220-47e2-5ec2-982c-4fb4a72439c6@tycho.nsa.gov> <80013cca-f1c2-f4d5-7558-8f4e752ada76@tycho.nsa.gov> <20190517172953.GC15006@linux.intel.com> <7de94229-f223-64bd-de11-7a601ec26938@tycho.nsa.gov> <20190517175036.GD15006@linux.intel.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 5/17/19 1:50 PM, Sean Christopherson wrote:

On Fri, May 17, 2019 at 01:42:50PM -0400, Stephen Smalley wrote:

On 5/17/19 1:29 PM, Sean Christopherson wrote:

AIUI, having FILE__WRITE and FILE__EXECUTE on /dev/sgx/enclave would allow
*any* enclave/process to map EPC as RWX.  Moving to anon inodes and thus
PROCESS__EXECMEM achieves per-process granularity.


No, FILE__WRITE and FILE__EXECUTE are a check between a process and a file,
so you can ensure that only whitelisted processes are allowed both to
/dev/sgx/enclave.


Ah, so each process has its own FILE__* permissions for a specific set of
files?


That's correct.

Does that allow differentiating between a process making an EPC page RWX
and a process making two separate EPC pages RW and RX?

Not if they are backed by the same inode, nor if they are all backed byanon inodes, at least not as currently implemented.

References:
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Andy Lutomirski
- RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Xing, Cedric
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Andy Lutomirski
- RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Xing, Cedric
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Stephen Smalley
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Sean Christopherson
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Stephen Smalley
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Stephen Smalley
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Sean Christopherson
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Stephen Smalley
- Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
  - From: Sean Christopherson

Prev by Date: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Next by Date: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Previous by thread: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Next by thread: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]