Living without fdpass / SCM_RIGHTS
Dengler, Gabriel
gabriel.dengler at fau.de
Tue Jan 10 01:22:03 UTC 2023
Hello everyone,
I wanted to run Dovecot inside Gramine [1]. Gramine is a tool to let
normal Linux binaries run with the help of the Intel Software Guard
Extensions (SGX) technology [2] in a secure enclave to which the
operating system doesn't have access.
Most parts of Dovecot now run fine; however, Dovecot uses the SCM_RIGHTS
flag for the sendmsg system call to exchange file descriptors over Unix
sockets [3]. Normally, this feature is available in every Unix, but in
Gramine, this is currently not supported [4]. So, according to the logs,
the authentication works, but after that, the imap-login process cannot
exchange the file descriptor with the imap process.
Therefore I wanted to ask if there is a possibility to make Dovecot work
without this feature or if this would need fundamental changes in the
code structure.
Thanks for your help in advance!
Best regards,
Gabriel
References:
[1] https://gramineproject.io/
[2] https://de.wikipedia.org/wiki/Software_Guard_Extensions
[3] https://github.com/dovecot/core/blob/main/src/lib/fdpass.c#L128
[4] https://github.com/gramineproject/gramine/discussions/1013#discussioncomment-4571427