On Mon, Feb 17, 2020 at 09:52:25AM +0100, Jethro Beekman wrote: > On 2020-02-15 08:24, Jarkko Sakkinen wrote: > > On Thu, Feb 13, 2020 at 03:10:24PM +0100, Jethro Beekman wrote: > >>>> There are other scenarios where it's not just the permissions on > >>>> /dev/sgx/enclave that are the problem but using the filesystem in general > >>>> that is. Maybe you've used seccomp to disable file operations, etc. > >>> > >>> Andy and Jarkko, thoughts? > >> > >> Folks, any more thoughts on how to resolve the issue that you need to > >> call open() for every enclave? > > > > Why is it an issue? > > Already discussed in https://www.spinics.net/lists/linux-sgx/msg02075.html Not anyone has to have access to open /dev/sgx/enclave in order to use enclaves. It is as much a problem as for practically any driver that provides devices for some use. /Jarkko
