On 2019-07-10 08:49, Sean Christopherson wrote:
> On Sun, Jul 07, 2019 at 04:41:34PM -0700, Cedric Xing wrote:
>> selinux_enclave_init() determines if an enclave is allowed to launch, using the
>> criteria described earlier. This implementation does NOT accept SIGSTRUCT in
>> anonymous memory. The backing file is also cached in struct
>> file_security_struct and will serve as the base for decisions for anonymous
>> pages.
>
> Did we ever reach a consensus on whether sigstruct must reside in a file?

This would be inconvenient for me, but I guess I can create a memfd?

--
Jethro Beekman | Fortanix