On Fri, May 31, 2019 at 04:31:57PM -0700, Sean Christopherson wrote: > Do not allow an enclave page to be mapped with PROT_EXEC if the source > page is backed by a file on a noexec file system. > > Signed-off-by: Sean Christopherson <sean.j.christopher...@intel.com>
Why don't you just check in sgx_encl_add_page() that whether the path comes from noexec and deny if SECINFO contains X? /Jarkko
