anjuna.posix Python module

Many Python modules execute shell commands (as child processes) to determine information about the system. Python runs these processes using standard library functions like subprocess.Popen or os.posix_spawn. These functions will fork a new child process and call execve to run the command.

In an enclave, this flow can be very expensive. Forking a new process creates a new enclave and copies the parent's memory into it, which is a costly operation. Then, when execve is called, that freshly created enclave is immediately discarded to make room for the new program. The result is very long startup times for child processes.

The anjuna.posix Python module replaces this inefficient flow with a better one. Instead of creating a new enclave and immediately destroying it, anjuna.posix automatically spawns child processes outside of an enclave.

Using the anjuna.posix module

In the first line of your Python application, before any other imports or code, add the following line:

import anjuna.posix

This installs Anjuna hooks into various modules that would inefficiently create unused enclaves, and redirects them to use the more efficient Anjuna posix_spawn implementation.

You can also call the posix_spawn function directly as anjuna.posix.posix_spawn. It takes the same arguments and behaves the same way as os.posix_spawn.

Importing this module in applications that are running outside of the Anjuna SGX Runtime will print a warning and will not change the environment.

Security implications of using anjuna.posix

To maintain the confidentiality of your application, do not expose sensitive information in environment variables or command-line arguments, because the operating system will have access to this data when executing posix_spawn.

By default, existing file descriptors (including sockets) are also shared with the child application. The child can operate on them, for example moving the file offset or writing data. To prevent this, use the fcntl module from the Python standard library to set the FD_CLOEXEC flag on any descriptor the child should not inherit.
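The two precautions above, scrubbing secrets from the child's environment and marking descriptors close-on-exec with fcntl, as an added example that is not part of the Anjuna documentation or SDK. It spawns with plain os.posix_spawn (anjuna.posix.posix_spawn takes the same arguments), and the SECRET_ENV_KEYS names and the scratch descriptor are constructed for the demonstration.

```python
import fcntl
import os
import sys
import tempfile

# Environment keys that must not reach a child running outside the enclave
# (hypothetical names, for illustration only).
SECRET_ENV_KEYS = ("API_TOKEN", "DB_PASSWORD")


def scrubbed_env(env=None):
    """Return a copy of env (default: os.environ) without the secret keys."""
    source = os.environ if env is None else env
    return {k: v for k, v in source.items() if k not in SECRET_ENV_KEYS}


def open_inheritable_scratch_fd():
    """Constructed sample: a descriptor a child would inherit.

    Python marks fds it creates non-inheritable by default (PEP 446), so the
    demo makes this one inheritable on purpose, as an fd handed over by a
    launcher or opened by a C extension might be."""
    fd, path = tempfile.mkstemp()
    os.unlink(path)  # fstat still works on the unlinked file
    os.set_inheritable(fd, True)
    return fd


def mark_close_on_exec(fd):
    """Set FD_CLOEXEC via fcntl so spawned children do not inherit fd."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)
    return bool(fcntl.fcntl(fd, fcntl.F_GETFD) & fcntl.FD_CLOEXEC)


def child_can_see_fd(fd):
    """Spawn a child with a scrubbed environment and ask whether fd is open
    there. The child compares the inode as well, so an unrelated descriptor
    that happens to reuse the same number is not reported as a leak."""
    ino = os.fstat(fd).st_ino
    probe = (
        "import os, sys\n"
        "try:\n"
        f"    ok = os.fstat({fd}).st_ino == {ino}\n"
        "except OSError:\n"
        "    ok = False\n"
        "sys.exit(0 if ok else 1)\n"
    )
    pid = os.posix_spawn(sys.executable, [sys.executable, "-c", probe], scrubbed_env())
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) == 0  # 0 means the child inherited the fd
```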

The parent enclave’s internal memory remains secure and inaccessible to any other application, including any child applications.

Trusted children

In some cases, you may want to run child applications in enclaves. You can configure anjuna.posix to spawn enclaves by adding the signature file of the child executable to the trusted_children field of the parent’s manifest file.

See Trusting applications launched by the enclave for more information on trusted_children.