Thread (61 messages) 61 messages, 10 authors, 2024-02-28

Re: [PATCH v1 0/8] x86_64 SandBox Mode arch hooks

From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Date: 2024-02-14 19:19:34
Also in: lkml

On Wed, 2024-02-14 at 19:32 +0100, Petr Tesařík wrote:
quoted
What use case needs to have the sandbox both protected from the
kernel
(trusted operations) and non-privileged (the kernel protected from
it
via CPL3)? It seems like opposite things.
I think I have mentioned one: parsing keys for the trusted keyring.
The
parser is complex enough to be potentially buggy, but the security
folks have already dismissed the idea to run it as a user mode
helper.
Ah, I didn't realize the kernel needed to be protected from the key
parsing part because you called it out as a trusted operation. So on
the protect-the-kernel-side it's similar to the microkernel security
reasoning.

Did I get the other part wrong - that you want to protect the sandbox
from the rest of kernel as well?
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help