Previously, the apploader.sh entrypoint bash script spawned Gramine as a child process (i.e. a simple gramine-sgx app ...). This resulted in the Gramine process not catching the SIGTERM signal that was e.g. sent via docker stop. That's because in a bash script, signals are not delivered to child processes.
This commit fixes this problem by replacing the bash-script process with the Gramine process, instead of spawning a child.
Description of the changes
Previously, the
apploader.shentrypoint bash script spawned Gramine as a child process (i.e. a simplegramine-sgx app ...). This resulted in the Gramine process not catching the SIGTERM signal that was e.g. sent viadocker stop. That's because in a bash script, signals are not delivered to child processes.This commit fixes this problem by replacing the bash-script process with the Gramine process, instead of spawning a child.
See https://github.com/gramineproject/gramine/discussions/1560 for more discussions.
How to test this PR?
Test manually on some long-running workload (e.g. OpenVINO) and
docker stop.This change is