[RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Thu Jul 11 09:26:09 UTC 2019


On Wed, Jul 10, 2019 at 04:16:42PM -0700, Xing, Cedric wrote:
> > Still puzzling with EXECMOD given that how it is documented in
> > https://selinuxproject.org/page/ObjectClassesPerms. If anything in that
> > document is out of date, would be nice if it was updated.
> 
> If you search for "EXECMOD" in security/selinux/hooks.c in the latest
> (Linux-5.2) master, you'll find only one occurrence - at line 3702.
> 
> The logic over there, if translated into English, basically says
> FILE__EXECMOD is required (on the backing file) if mprotect() is called to
> request X on a private file mapping that has been modified by the calling
> process. That's what Sean meant by "W->X".

Looking at that part of code, there is this comment:

/*
 * We are making executable a file mapping that has
 * had some COW done. Since pages might have been
 * written, check ability to execute the possibly
 * modified content.  This typically should only
 * occur for text relocations.
 */

There is no COW done with enclaves, never. Thus, EXECMOD does not
connect in any possible way to SGX. OR, that comment is false.

Which one is it?

Also the official documentation for SELinux speaks only about COW
mappings.

Also the condition supports all this, as a *private* file mapping ends up
on the anon_vma list when it gets written. We have a *shared* file
mapping.

Nothing that you say makes sense to me, sorry...

/Jarkko
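As an added example, not from Cedric's or Jarkko's messages, this is the user-space sequence the EXECMOD condition is about: a MAP_PRIVATE file mapping that is written (COW) and then given PROT_EXEC via mprotect(), beside the MAP_SHARED case that never acquires an anon_vma. The hook condition as described in the thread is mirrored in execmod_check_applies(), a hypothetical helper; the real mprotect() outcome depends on the running policy and mount options, so the program reports it rather than assuming it.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical model of the selinux_file_mprotect() branch as described in
 * the thread: FILE__EXECMOD on the backing file is consulted only when
 * PROT_EXEC is requested on a private file mapping whose pages this
 * process has already written (COW happened, so the vma has an anon_vma).
 * A shared file mapping never takes this branch, which is Jarkko's point
 * about enclaves. */
int execmod_check_applies(int want_exec, int map_private, int written)
{
    return want_exec && map_private && written;
}

/* Perform the real sequence on a scratch file: map it, optionally dirty
 * one page, then add PROT_EXEC. Returns 0 on success, else errno. */
int try_w_then_x(int map_private, int do_write)
{
    char path[] = "/tmp/execmod-demo-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return errno;
    unlink(path);
    long pg = sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, pg) < 0) { int e = errno; close(fd); return e; }
    int flags = map_private ? MAP_PRIVATE : MAP_SHARED;
    char *p = mmap(NULL, pg, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (p == MAP_FAILED) { int e = errno; close(fd); return e; }
    if (do_write) p[0] = 1;   /* private mapping: this write triggers COW */
    int rc = mprotect(p, pg, PROT_READ | PROT_EXEC) ? errno : 0;
    munmap(p, pg);
    close(fd);
    return rc;
}

int main(void)
{
    printf("private+write then X : model says EXECMOD %s, mprotect rc=%d\n",
           execmod_check_applies(1, 1, 1) ? "checked" : "not checked",
           try_w_then_x(1, 1));
    printf("shared+write then X  : model says EXECMOD %s, mprotect rc=%d\n",
           execmod_check_applies(1, 0, 1) ? "checked" : "not checked",
           try_w_then_x(0, 1));
    return 0;
}
```

On an enforcing SELinux system a denial for the first case shows up in the audit log as an `avc: denied { execmod }` record against the file's context; the second case is evaluated as an ordinary file execute permission instead.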



More information about the Linux-security-module-archive mailing list