On Wed, Jul 10, 2019 at 11:19:30PM +0300, Jarkko Sakkinen wrote: > Still, we need a documentation reference to reflect the narrative > for these changes, seriously. It cannot be that SELinux is widely > deployed and it completely lacks documentation for its basic > objects, can it? I found one good reference: https://selinuxpTroject.org/page/ObjectClassesPerms It describes EXECMOD as: "Make executable a file mapping that has been modified by copy-on-write. (Text relocation)" This makes me wonder how EXECMOD even connects to this discussion? Enclave is never a COW mapping. Seems like there is a huge diff on how SELinux's official documentation describes it and how it is described here... /Jarkko
