Michał Kowalczyk

Thanks! I don't know anyone planning to work on it, but let's ping @dimakuv and @kailun-qin so they can check their teams.

> Gramine should pick up the limits from the env. What do you mean? Env variables? That's not how it works on Linux? > The proposed manifest syntax may look...

> write protection, which is very efficient when handled in the write protection fault handler. It definitely isn't, remember we aren't in ring0, and moreover, we need to send the...

Please don't paste text as screenshots. Also, from your description I don't see why the test fails. It tries to put a lot of data into the pipe and checks...

I'm not sure if I understand what's the problem. How is our implementation different from Linux with pipe size being 4096? Is the problem that in our case the write...

Ok, I see then. But hmm, looking at `man` this behavior is only guaranteed with `O_DIRECT`? Do you have any real-world application which relies on this behavior without `O_DIRECT`?

Please change the `log_level` in the manifest to `trace` and paste the line in the logs with the failed rename syscall invocation.

> For the sake of curiosity, I would like to ask you why the renaming of directories is not supported, while that of files is? Honestly, I don't remember, you'd...

Hi, I think this is because the untrusted shared memory was implemented just to support some very specific use-cases (and yes, the docs are missing the explanation about it). You...

> There're still two files that are needed to start gramine(-sgx): `.manifest` and `.sig`. Can we invent a new file that will contain both? Like, prepend hex-encoded sigstruct to the...