confidential-containers / enclave-cc

Process-based Confidential Container Runtime
Apache License 2.0

update to Occlum NGO #112

Open mythi opened 1 year ago

mythi commented 1 year ago

@qzheng527 what's the latest on Occlum NGO/1.0?

qzheng527 commented 1 year ago

@mythi Pending on the EDMM feature. From the Occlum side, the EDMM feature introduces many changes which are in the development and verification stage. Besides, Occlum is waiting for the stable Intel SGX SDK (current 2.19 has some issues, Occlum reported to Intel) to support EDMM. So Occlum NGO/1.0 may not be ready in 1H 2023. What is your requirement for Occlum on enclave-cc? If it is the runtime-boot feature, we can merge it to the Occlum master branch. Is it Ok for you?

mythi commented 1 year ago

> If it is the runtime-boot feature, we can merge it to the Occlum master branch. Is it Ok for you?

@qzheng527 NGO is not urgent. I'm primarily interested in #126 (i.e., get your enclave-cc branch rebased to the latest release and have deb packages available just like we have today for the older version)

qzheng527 commented 1 year ago

> > If it is the runtime-boot feature, we can merge it to the Occlum master branch. Is it Ok for you?
>
> @qzheng527 NGO is not urgent. I'm primarily interested in #126 (i.e., get your enclave-cc branch rebased to the latest release and have deb packages available just like we have today for the older version)

@mythi Ok, I will follow up on this after the International Workers' Day holiday.

mythi commented 1 year ago

@qzheng527 does 0.29.6 include the runtime-boot functionality we are using in enclave-cc?

qzheng527 commented 1 year ago

@mythi Yes, the runtime boot functionality is in this release. The deb package building is WIP, hopefully it will be done tomorrow (China time). But please note, the runtime boot functionality in this release is a little bit different from the one you used. Main differences are:

  1. The runtime boot struct user_rootfs_config. The release version could support passing envs.
  2. The way to generate runtime rootfs. The release version uses "sefs" instead of the previous "unionfs".

For details, please refer to the runtime_boot demo.

mythi commented 1 year ago

@qzheng527 thanks a lot! We will look into the necessary adjustments