How to use gramine-sgx container (with gsc) and named pipes? #1669
Replies: 1 comment 2 replies
-
Named pipes between a Gramine process and a non-Gramine process are impossible. This is due to security reasons. Pipes are inter-process communication primitives. Named pipes are just pipes that have an associated inode (file on the file system). Pipes are transparently encrypted by Gramine. So named pipes are also transparently encrypted by Gramine. The encryption key is generated inside Gramine processes (enclaves) and is securely shared among Gramine processes. Clearly, a non-Gramine process cannot participate in such inter-Gramine communication. That would mean either (1) the pipes would not be encrypted by Gramine, and all data would be in plaintext and not protected, or (2) the non-Gramine process would get access to the encryption key, which would imply that an untrusted host gets access to the encryption key and destroys all security guarantees of Gramine. Therefore, Gramine opts for an obvious choice: pipe communication between Gramine and non-Gramine processes is disallowed. |
Beta Was this translation helpful? Give feedback.
-
Description of the problem
I am using GSC to run a python application in a docker container inside a SGX Enclave. This container should be able to write to a named pipe and read from another, so it can communicate with another proccess.
After building and signing the image, I run:
sudo docker run --device=/dev/sgx_enclave -v /tmp/named_pipes:/tmp/named_pipes gsc-yanalmeida91/sgx-blockchain-pull:latest
If there are no named pipes in /tmp/named_pipes, the application tries to create them. It does not throw any errors, but the command "open(WRITE_NAMED_PIPE_PATH, 'w')" throws an error of invalid arg.
If I create the named pipes beforehand, the command "os.path.exists()" returns False, but when the enclave tries to create it, receives Permission Denied error. If I remove the creation part of the code, I get the same Permission Denied error when trying to open the named pipes (both in read and write mode).
What is happening?
UPDATE: I found out that it's working for regular files. The problem is accessing the named pipes. Why? Is something missing in the manifest?
My manifest file:
loader.env.READ_PIPE_PATH = "/tmp/named_pipes/write_pipe"
loader.env.WRITE_PIPE_PATH = "/tmp/named_pipes/read_pipe"
sgx.allowed_files = ["file:/tmp/named_pipes/write_pipe", "file:/tmp/named_pipes/read_pipe"]
sgx.enclave_size = "4G"
sgx.thread_num = 8
Steps to reproduce
You can try to reproduce it by graminizing my base docker image: yanalmeida91/sgx-blockchain-pull:latest and trying to run it.
I'm graminizing it in virtual machines in azure, running a bootstraping script:
Expected results
Named pipes created and working with the enclave
Actual results
Errors or named pipes created but not appearing on host folder via docker volume
Beta Was this translation helpful? Give feedback.
All reactions