[RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Wed Jul 3 23:16:50 UTC 2019


On Thu, Jun 27, 2019 at 11:56:18AM -0700, Cedric Xing wrote:

I think it is fine to have these patch sets as a discussion starters but
it does not make any sense to me to upstream LSM changes with the SGX
foundations.

This is exactly the same situation as with KVM changes. The patch set is
already way too big to fit to the standards [1].

The eye should be on whether the uapi (e.g. device files, ioctl's) will
work for LSM's in a legit way. Do we need more of these different
flavors of experimental LSM changes or can we make some conclusions with
the real issue we are trying to deal with?

[1] "Do not send more than 15 patches at once to the vger mailing lists!!!"
    https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html#select-the-recipients-for-your-patch

/Jarkko



More information about the Linux-security-module-archive mailing list