rune/libenclave: Preload libsgx_launch.so

Due to the design of runelet, the Enclave Runtime PAL is loaded in host but launched in container. The fact that certain libraries from Intel SGX PSW would use dlopen() to further load libsgx_launch.so, which means the container has to have it. In order to ensure all libraries dependent by Enclave Runtime PAL are completely loaded in host, preload them prior to switch into container. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>

rune/libenclave: Preload libsgx_launch.so
Due to the design of runelet, the Enclave Runtime PAL is loaded in host but launched in container. The fact that certain libraries from Intel SGX PSW would use dlopen() to further load libsgx_launch.so, which means the container has to have it. In order to ensure all libraries dependent by Enclave Runtime PAL are completely loaded in host, preload them prior to switch into container. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
207a059f · jia zhang · 7a24a609 · 207a059f
隐藏空白更改
内联并排

Showing with 29 addition and 0 deletion

rune/libenclave/intelsgx/device_linux.go rune/libenclave/intelsgx/device_linux.go +29 -0

未找到文件。
--- a/rune/libenclave/intelsgx/device_linux.go
+++ b/rune/libenclave/intelsgx/device_linux.go
+package intelsgx // import "github.com/opencontainers/runc/libenclave/intelsgx"
+
+/*
+#cgo linux LDFLAGS: -ldl
+#include <stdlib.h>
+#include <dlfcn.h>
+*/
+import "C"
+
+import (
+	"unsafe"
+)
+
+// Due to the design of runelet, the Enclave Runtime PAL is loaded
+// in host but launched in container. The fact that certain libraries
+// from Intel SGX PSW would use dlopen() to further load
+// libsgx_launch.so, which means the container has to have it. In
+// order to ensure all libraries dependent by Enclave Runtime PAL
+// are completely loaded in host, preload them prior to switch
+// into container.
+func preloadSgxPswLib() {
+	path := C.CString("libsgx_launch.so")
+	C.dlopen(path, C.RTLD_NOW)
+	C.free(unsafe.Pointer(path))
+}
+
+func init() {
+	preloadSgxPswLib()
+}