Closed jethrogb closed 3 years ago
This happens if you set ENTRYPOINT but not ENV or CMD in your Dockerfile.
@jethrogb: I think you just helped us debug this: https://github.com/aws/aws-nitro-enclaves-cli/issues/188 Thank you
This happens if you set ENTRYPOINT but not ENV or CMD in your Dockerfile.
Not yet convinced this is the whole story.
Are there supposed to be two EifSectionRamdisk sections in the Eif?
I think there's some issue with initrd concatenation.
This works:
```dockerfile
# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
FROM busybox
RUN truncate -s $((300*1024*1024)) /large_file
ENV HELLO="Hello from the enclave side!"
CMD ["/bin/sh", "-c", "while true; do echo \"$HELLO\"; sleep 10; done"]
```
This doesn't:
```dockerfile
# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
FROM busybox
RUN truncate -s $((350*1024*1024)) /large_file
ENV HELLO="Hello from the enclave side!"
CMD ["/bin/sh", "-c", "while true; do echo \"$HELLO\"; sleep 10; done"]
```
@jethrogb: You pointed to the exact error. The problem is the following: you allocated less memory to the enclave than the Linux kernel needs to unpack the ramfs.
If you look at the kernel logs with the console command, you would probably first see "Failed to unpack initramfs".
As of now the guideline is that the enclave should have allocated at least 4 times more memory than the size of the EIF.
Logging an issue, to get a proper error and enforce this in the nitro-cli.
Indeed it says:
```
[ 0.268206] Unpacking initramfs...
[ 0.586559] Initramfs unpacking failed: write error
```
But that happens in the middle of a lot of other kernel messages, so yes, some more diagnostics around this would be helpful.
The IP corresponds to fclose. You can't call fclose(NULL).
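
A pre-flight check for the 4x memory guideline and a scan of saved console output for the unpack failure quoted in the thread, as an added example that is not part of the original discussion or of nitro-cli. The function names are hypothetical, and reading the guideline as "memory >= 4 x EIF file size" is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread or from nitro-cli); names are hypothetical.

# Minimum enclave memory in MiB for an EIF of the given size in bytes.
# Assumption: the guideline means memory >= 4 * EIF size, rounded up to 1 MiB.
min_enclave_mib() {
    eif_bytes=$1
    mib=$((1024 * 1024))
    echo $(( (4 * eif_bytes + mib - 1) / mib ))
}

# Exit status: 0 if memory_mib satisfies the guideline for the EIF file,
# 1 if it is too small, 2 if the file cannot be read.
check_enclave_memory() {
    eif_path=$1
    memory_mib=$2
    [ -r "$eif_path" ] || { echo "cannot read $eif_path" >&2; return 2; }
    eif_bytes=$(wc -c < "$eif_path" | tr -d ' ')
    need=$(min_enclave_mib "$eif_bytes")
    if [ "$memory_mib" -lt "$need" ]; then
        echo "EIF is $eif_bytes bytes: need >= $need MiB, got $memory_mib MiB" >&2
        return 1
    fi
    return 0
}

# Read kernel console output on stdin. If the initramfs unpack failure is
# present, print the kernel's stated reason and return 0; otherwise return 1.
initramfs_failure() {
    reason=$(sed -n 's/.*Initramfs unpacking failed: *//p' | head -n 1)
    [ -n "$reason" ] || return 1
    echo "$reason"
}

# Sample input: the two console lines quoted in the thread.
sample_console() {
    cat <<'EOF'
[ 0.268206] Unpacking initramfs...
[ 0.586559] Initramfs unpacking failed: write error
EOF
}
```

Running `check_enclave_memory` on the built EIF with the intended memory size before starting the enclave surfaces the shortfall up front instead of leaving it buried in the kernel log.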