Skip to content

I
inclavare-containers

openanolis / inclavare-containers

通知 4
Star 7
Fork 0
I
inclavare-containers
切换分支/标签
查找文件 普通视图历史永久链接Permalink
init.go 893 字节
Newer Older
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
1 2 3 4 5 
package libenclave // import "github.com/opencontainers/runc/libenclave"

import (
	"github.com/opencontainers/runc/libcontainer/configs"
	"github.com/opencontainers/runc/libenclave/intelsgx"
jia zhang's avatar
rune/libenclave: Initialize nss libraries in Glibc  
jia zhang 已提交
6 7 
	"net"
	"os/user"
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 
)

var (
	enclaveHwType string = ""
)

func IsEnclaveEnabled(e *configs.Enclave) bool {
	if e == nil {
		return false
	}

	if !IsEnclaveHwEnabled(e.Type) {
		return false
	}

	return true
}

// Check whether enclave-based hardware is supported or not
func IsEnclaveHwEnabled(etype string) bool {
	if etype == "" && enclaveHwType != "" {
		return true
	}

	return etype == enclaveHwType
}

func init() {
jia zhang's avatar
rune/libenclave: Initialize nss libraries in Glibc  
jia zhang 已提交
36 37 38 39 40 
	// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
	// environment not in the chroot from untrusted files.
	_, _ = user.Lookup("")
	_, _ = net.LookupHost("")
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
41 42 43 44 
	if intelsgx.IsSgxSupported() {
		enclaveHwType = configs.EnclaveHwIntelSgx
	}
}