On 13/09/21 23:13, Jarkko Sakkinen wrote:
Apart from reclaiming, /dev/sgx_vepc might disappear between the first
open() and subsequent ones.
If /dev/sgx_vepc disappears, why is it a problem *for the software*, and
not a sysadmin problem?
Rather than disappearing, it could be that a program first gets all the
resources it needs before it gets malicious input, and then enter a
restrictive sandbox. In this case open() could be completely forbidden.
I will improve the documentation and changelogs when I post the non-RFC
version; that could have been done better, sorry.
Paolo
