Living without fdpass / SCM_RIGHTS
Hello everyone,
I wanted to run Dovecot inside Gramine [1]. Gramine is a tool to let normal Linux binaries run with the help of the Intel Software Guard Extensions (SGX) technology [2] in a secure enclave to which the operating system doesn't have access.
Most parts of Dovecot now run fine, however, Dovecot uses the SCM_RIGHTS flag for the sendmsg system call to exchange file descriptors over Unix sockets [3]. Normally, this feature is available in every Unix, but in Gramine, this is currently not supported [4]. So, according to the logs, the authentication works, but after that, the imap-login process cannot exchange the file descriptor with the imap process.
Therefore I wanted to ask if there is a possibility to make Dovecot work without this feature or if this would need fundamental changes in the code structure.
Thanks for your help in advance!
Best regards, Gabriel
References:
[1] https://gramineproject.io/
[2] https://de.wikipedia.org/wiki/Software_Guard_Extensions
[3] https://github.com/dovecot/core/blob/main/src/lib/fdpass.c#L128
[4] https://github.com/gramineproject/gramine/discussions/1013#discussioncomment...
participants (1): Dengler, Gabriel