Skip to content

I
inclavare-containers

openanolis / inclavare-containers

通知 4
Star 7
Fork 0
I
inclavare-containers
切换分支/标签
查找文件 普通视图历史永久链接Permalink
enclave_runtime.go 2.4 KB
Newer Older
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
1 2 3 4 5 6 7 8 9 
package runtime // import "github.com/opencontainers/runc/libenclave/internal/runtime"

import (
	"github.com/opencontainers/runc/libenclave/configs"
	core "github.com/opencontainers/runc/libenclave/internal/runtime/core"
	pal "github.com/opencontainers/runc/libenclave/internal/runtime/pal"
	"github.com/sirupsen/logrus"
	"os"
	"os/exec"
jia zhang's avatar
rune: Code cleanup  
jia zhang 已提交
10 
	"strings"
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
11 12 13 14 
)

type EnclaveRuntime interface {
	Init(args string, logLevel string) error
Y
rune/libenclave: Support to IAS remote attestation when Enclave Runtime started.  
YiLin.Li 已提交
15 
	Attest(string, string, uint32, uint32) error
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 
	Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error)
	Kill(sig int, pid int) error
	Destroy() error
}

type EnclaveRuntimeWrapper struct {
	runtime EnclaveRuntime
}

func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*EnclaveRuntimeWrapper, error) {
	logrus.Debugf("enclave init config retrieved: %+v", config)

	var (
		runtime EnclaveRuntime
		err     error
	)
	runtime, err = core.StartInitialization(config)
	if err != nil {
		runtime, err = pal.StartInitialization(config)
		if err != nil {
			return nil, err
		}
	}
J
rune/libenclave: Use unified pal api interface  
jack.wxz 已提交
40 
	logrus.Infof("Initializing enclave runtime")
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
41 42 43 44 45 46 47 48 49 50 51 
	err = runtime.Init(config.Args, logLevel)
	if err != nil {
		return nil, err
	}

	rt := &EnclaveRuntimeWrapper{
		runtime: runtime,
	}
	return rt, nil
}
Y
rune/libenclave: Support to IAS remote attestation when Enclave Runtime started.  
YiLin.Li 已提交
52 
func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) error {
J
rune/libenclave: Use unified pal api interface  
jack.wxz 已提交
53 
	logrus.Debugf("attesting enclave runtime")
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
54
Y
rune/libenclave: Support to IAS remote attestation when Enclave Runtime started.  
YiLin.Li 已提交
55 
	return rt.runtime.Attest(spid, subscriptionKey, product, quoteType)
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
56 57 58 
}

func (rt *EnclaveRuntimeWrapper) ExecutePayload(cmd []string, envp []string, stdio [3]*os.File) (int32, error) {
jia zhang's avatar
rune: Code cleanup  
jia zhang 已提交
59 
	logrus.Debugf("enclave runtime %s executing payload with commandline", strings.Join(cmd, " "))
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
60 61 62 63 64 65 66 67 68 69 70 

	// The executable may not exist in container at all according
	// to the design of enclave runtime, such as Occlum, which uses
	// an invisible filesystem to the container. In this case, the
	// lookup will fail.
	if fullPath, err := exec.LookPath(cmd[0]); err == nil {
		cmd[0] = fullPath
	}
	return rt.runtime.Exec(cmd, envp, stdio)
}
T
rune/libenclave: Move pal_kill to Enclave Runtime PAI API v2  
Tianjia Zhang 已提交
71 
func (rt *EnclaveRuntimeWrapper) KillPayload(pid int, sig int) error {
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
72 
	if pid != -1 {
J
rune/libenclave: Use unified pal api interface  
jack.wxz 已提交
73 
		logrus.Debugf("enclave runtime killing payload %d with signal %d", pid, sig)
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
74 
	} else {
J
rune/libenclave: Use unified pal api interface  
jack.wxz 已提交
75 
		logrus.Debugf("enclave runtime killing all payloads with signal %d", sig)
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
76 77 
	}
T
rune/libenclave: Move pal_kill to Enclave Runtime PAI API v2  
Tianjia Zhang 已提交
78 
	return rt.runtime.Kill(pid, sig)
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
79 80 81 
}

func (rt *EnclaveRuntimeWrapper) DestroyInstance() error {
J
rune/libenclave: Use unified pal api interface  
jack.wxz 已提交
82 
	logrus.Debugf("Destroying enclave runtime")
jia zhang's avatar
inclavare-containers: an implementation of protected container  
jia zhang 已提交
83 84 85 

	return rt.runtime.Destroy()
}