Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

(off-list ancestor, not in this archive)
SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-15
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Linus Torvalds <torvalds@linux-foundation.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Linus Torvalds <torvalds@linux-foundation.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · James Morris <jmorris@namei.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-15
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Haitao Huang <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-16
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-16
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-17
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jethro Beekman <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-21
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-22
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-25
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-26
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-26
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-28
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-28
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-28
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-29
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Xing, Cedric <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-30
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-04
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-06-03
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Dr. Greg <hidden> · 2019-05-25
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@kernel.org> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Andy Lutomirski <luto@amacapital.net> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Stephen Smalley <hidden> · 2019-05-24
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Sean Christopherson <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-27
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-23
Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support) · Jarkko Sakkinen <hidden> · 2019-05-20

From: James Morris <jmorris@namei.org>
Date: 2019-05-15 22:47:10
Also in: lkml, selinux

On Wed, 15 May 2019, Andy Lutomirski wrote:

quoted

Why not just use an xattr, like security.sgx ?

Wouldn't this make it so that only someone with CAP_MAC_ADMIN could
install an enclave?  I think that this decision should be left up the
administrator, and it should be easy to set up a loose policy where
anyone can load whatever enclave they want.  That's what would happen
in my proposal if there was no LSM loaded or of the LSM policy didn't
restrict what .sigstruct files were acceptable.

You could try user.sigstruct, which does not require any privs.

-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help