SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

Stephen Smalley sds at tycho.nsa.gov
Fri May 17 18:16:11 UTC 2019


On 5/17/19 1:50 PM, Sean Christopherson wrote:
> On Fri, May 17, 2019 at 01:42:50PM -0400, Stephen Smalley wrote:
>> On 5/17/19 1:29 PM, Sean Christopherson wrote:
>>> AIUI, having FILE__WRITE and FILE__EXECUTE on /dev/sgx/enclave would allow
>>> *any* enclave/process to map EPC as RWX.  Moving to anon inodes and thus
>>> PROCESS__EXECMEM achieves per-process granularity.
>>>
>>
>> No, FILE__WRITE and FILE__EXECUTE are a check between a process and a file,
>> so you can ensure that only whitelisted processes are allowed both to
>> /dev/sgx/enclave.
> 
> Ah, so each process has its own FILE__* permissions for a specific set of
> files?

That's correct.

> Does that allow differentiating between a process making an EPC page RWX
> and a process making two separate EPC pages RW and RX?

Not if they are backed by the same inode, nor if they are all backed by 
anon inodes, at least not as currently implemented.
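To make the distinction above concrete, here is an added SELinux policy fragment (not from this thread or the SGX patch set) that contrasts the per-process, per-file FILE__WRITE/FILE__EXECUTE checks against a device node with the file-less PROCESS__EXECMEM check. The type names `sgx_enclave_device_t`, `enclave_host_t` and `untrusted_app_t` are assumed placeholders; the permission names are standard SELinux ones.

```selinux
# Assumed placeholder types (not from the thread): the label that would be
# applied to /dev/sgx/enclave, and two process domains.
type sgx_enclave_device_t;
type enclave_host_t;
type untrusted_app_t;

# Whitelisted domain: FILE__WRITE and FILE__EXECUTE are checked against the
# (domain, file label) pair, so only enclave_host_t may open the device for
# writing and mmap() it with PROT_EXEC. The kernel checks execute on the
# file's label when a mapping is made executable.
allow enclave_host_t sgx_enclave_device_t:chr_file { open read write execute map };

# Any other domain gets read/write mappings only; a PROT_EXEC mapping of the
# device is denied for untrusted_app_t because it lacks execute.
allow untrusted_app_t sgx_enclave_device_t:chr_file { open read write map };

# Caveat from the reply above: both rules are per inode, not per mapping.
# A domain granted write+execute on the device can map one page RWX or two
# pages RW and RX; the file-based check cannot tell these apart.

# With anon inodes there is no file label to check, so the relevant decision
# becomes PROCESS__EXECMEM, which is per process domain and has no file
# operand at all (again no RWX vs. RW+RX distinction).
allow enclave_host_t self:process execmem;
```

A fragment like this would normally live in a policy module alongside the usual role/attribute declarations; it is shown here only to illustrate which object each check is keyed on.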



More information about the Linux-security-module-archive mailing list