[RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Fri Jul 5 16:05:49 UTC 2019
On Wed, Jun 19, 2019 at 03:23:49PM -0700, Sean Christopherson wrote:
I still don't get why we need this whole mess and do not simply admit
that there are two distinct roles:
1. Creator
2. User
In the SELinux context Creator needs FILE__WRITE and FILE__EXECUTE but
User does not. It just gets the fd from the Creator. I'm sure that all
the SGX2 related functionality can be solved somehow in this role
playing game.
An example would be the usual case where enclave is actually a loader
that loads the actual piece of software that one wants to run. Things
simply need to be designed in a way the Creator runs the loader part.
These are non-trivial problems but oddball security model is not going
to make them disappear - on the contrary it will make designing user
space only more complicated.
I think this is classical example of when something overly complicated
is invented in the kernel only to realize that it should be solved in
the user space.
It would not be like the only use case where some kind of privileged
daemon is used for managing some a kernel provided resource.
I think a really good conclusion from this discussion that has taken two
months is to realize that nothing needs to be done in this area (except
*maybe* noexec check).
/Jarkko
More information about the Linux-security-module-archive
mailing list