On Mon, Jul 08, 2019 at 10:29:30AM -0700, Sean Christopherson wrote:
> On Fri, Jul 05, 2019 at 07:05:49PM +0300, Jarkko Sakkinen wrote:
> > On Wed, Jun 19, 2019 at 03:23:49PM -0700, Sean Christopherson wrote:
> >
> > I still don't get why we need this whole mess and do not simply admit
> > that there are two distinct roles:
> >
> > 1. Creator
> > 2. User
>
> Because SELinux has existing concepts of EXECMEM and EXECMOD.

What is the official documentation for those? I've only found some
explanations from discussions and some RHEL sysadmin guides.

> That being said, we can do so without functional changes to the SGX uapi,
> e.g. add reserved fields so that the initial uapi can be extended *if* we
> decide to go with the "userspace provides maximal protections" path, and
> use the EPCM permissions as the maximal protections for the initial
> upstreaming.
>
> That'd give us a minimal implementation for initial upstreaming and would
> eliminate Cedric's blocking complaint. The "whole mess" of whitelisting,
> blacklisting and SGX2 support would be deferred until post-upstreaming.

I'd like that approach more too.

/Jarkko