- 02 Jun, 2020 1 commit
  - Committed by jia zhang
    If the program launched by rune exec is terminated, runelet process is unstoppable. Just kick off it through the channel notifyExit.
    Signed-off-by: Xiaozhe Wang <wangxiaozhe@linux.alibaba.com>
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 30 May, 2020 2 commits
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by YiLin.Li
    1. Given the signature file of an Enclave, runectl gen-token command can generate the corresponding token file from Intel aesmd service.
    2. runectl attest command can allow users to challenge the enclave with the help of Intel Attestation Service through remote attestation requests.
    runectl command will open soon.
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 27 May, 2020 2 commits
  - Committed by jia zhang
    Unlike what is done in the process of initialization of container entrypoint, the exec fifo fd is not closed without closing it explicitly, resulting in rune start cannot be terminated.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    It was intended to have fds without close-on-exec with the side effect of dup(), but actually all fds staged are already close-on-exec clear. Thus dup() makes extra duplications of fds passed to init-runelet.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 26 May, 2020 2 commits
  - Committed by hustliyilin
    If the enclave devices don't exist, don't add them into the default device list and cgroup whitelist.
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
  - Committed by hustliyilin
    Instead using the hard code "off".
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
- 22 May, 2020 1 commit
  - Committed by tianjia
    The prototype declaration of pal_init() is wrong, this is a copy-paste error, this patch fixes it.
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
- 15 May, 2020 3 commits
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by jia zhang
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  - Committed by Yilin Li
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
- 12 May, 2020 2 commits
  - Committed by jia zhang
    inclavare-containers is a set of tools for running trusted applications in containers with the hardware-assisted enclave technology. Enclave, referred to as a protected execution environment, prevents the untrusted entity from accessing the sensitive and confidential assets in use.

    Currently, inclavare-containers consists of two core components: rune and enclave runtime. rune is a CLI tool for spawning and running enclaves in containers according to the OCI specification. The codebase of rune is a fork of runc, so rune can be used as runc if enclave is not configured or available. Enclave runtime is the backend of rune, which is responsible for loading and running applications inside enclaves.

    The interface between rune and enclave runtime is Enclave Runtime PAL API, which allows invoking enclave runtime through well-defined functions. The software for confidential computing may benefit from this interface to interact with OCI runtime.

    Additionally, this commit includes additional information about the use of inclavare-containers.
    - Run sample enclave runtime skeleton with rune
    - Run enclave runtime Occlum with rune

    See README.md for more details.
    Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
    Signed-off-by: Xiaozhe Wang <wangxiaozhe@linux.alibaba.com>
    Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>
  - Committed by Alibaba OSS