From cfcd9603e857db59f6546301fc23a219fedf7df5 Mon Sep 17 00:00:00 2001
From: john xu <john@taiko.xyz>
Date: Mon, 30 Sep 2024 18:38:24 +0800
Subject: [PATCH] feat(sgx): update sgx-guest.docker.manifest.template

Add mount info for /proc/self/mountinfo and /proc/self/cgroup, and /sys/fs/cgroup/ to the allowed files in the sgx-guest.docker.manifest.template file. Also, increase the maximum threads to 512.
---
 provers/sgx/config/sgx-guest.docker.manifest.template | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/provers/sgx/config/sgx-guest.docker.manifest.template b/provers/sgx/config/sgx-guest.docker.manifest.template
index eb436752..8ec9eb11 100644
--- a/provers/sgx/config/sgx-guest.docker.manifest.template
+++ b/provers/sgx/config/sgx-guest.docker.manifest.template
@@ -25,6 +25,9 @@ fs.mounts = [
 ]
 sgx.allowed_files = [
   "file:/root/.config/raiko/config",
+  "file:/proc/self/mountinfo",
+  "file:/proc/self/cgroup",
+  "file:/sys/fs/cgroup/",
 ]
 sgx.debug = false
 sgx.edmm_enable = {{ 'true' if env.get('EDMM', '1') == '1' else 'false' }}
@@ -37,7 +40,7 @@ sgx.trusted_files = [
   "file:/usr/lib/ssl/certs/",
   "file:sgx-guest",
 ]
-sgx.max_threads = 32
+sgx.max_threads = 512
 sgx.remote_attestation = "dcap"
 sys.enable_extra_runtime_domain_names_conf = true
 sys.insecure__allow_eventfd = true