On Tue, 2021-09-14 at 07:36 +0200, Paolo Bonzini wrote:
> On 13/09/21 23:13, Jarkko Sakkinen wrote:
> > > Apart from reclaiming, /dev/sgx_vepc might disappear between the first
> > > open() and subsequent ones.
> >
> > If /dev/sgx_vepc disappears, why is it a problem *for the software*, and
> > not a sysadmin problem?
>
> Rather than disappearing, it could be that a program first gets all the
> resources it needs before it gets malicious input, and then enters a
> restrictive sandbox. In this case open() could be completely forbidden.
>
> I will improve the documentation and changelogs when I post the non-RFC
> version; that could have been done better, sorry.
>

No worries, just trying to get to the bottom of the actual issue.

/Jarkko