[RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Xing, Cedric
cedric.xing at intel.com
Sat Jul 6 05:04:31 UTC 2019
On 7/3/2019 4:16 PM, Jarkko Sakkinen wrote:
> On Thu, Jun 27, 2019 at 11:56:18AM -0700, Cedric Xing wrote:
>
> I think it is fine to have these patch sets as discussion starters but
> it does not make any sense to me to upstream LSM changes with the SGX
> foundations.
Guess LSM is a gating factor, because otherwise SGX could be abused to
make executable EPC from pages that are otherwise not allowed to be
executable. Am I missing anything?
>
> This is exactly the same situation as with KVM changes. The patch set is
> already way too big to fit to the standards [1].
>
> The eye should be on whether the uapi (e.g. device files, ioctl's) will
> work for LSM's in a legit way. Do we need more of these different
> flavors of experimental LSM changes or can we make some conclusions with
> the real issue we are trying to deal with?
>
> [1] "Do not send more than 15 patches at once to the vger mailing lists!!!"
> https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html#select-the-recipients-for-your-patch
>
> /Jarkko
>