Using shared memory

When an application attempts to use shared memory inside an enclave, you may see an error like one of the following:

/dev/shm (No such file or directory)
could not create shared memory segment
failed to open shm
OMP: Error #179: Function Can’t open SHM2 failed

These errors occur because AWS Nitro Enclaves do not have a shared memory filesystem by default. You can create one with the following instructions.

Add the following section to the command section of your enclave configuration file:

command:
  - "/bin/sh"
  - "-c"
  - "mkdir /dev/shm && mount -t tmpfs -O noexec,nodev,nosuid,size=2Gi shm /dev/shm && ./start_app.sh"

Change ./start_app.sh to your application’s actual command, and update size=2Gi to change the size of the shared memory available.

This code sets up a temporary filesystem in memory (tmpfs) mounted to the /dev/shm directory with restrictions on execution, device access, and suid/sgid bits.

The shared memory is taken from the memory allocated to the enclave.