Run the Image

Once you’ve successfully created the Docker image you can use the docker run command to launch it:

$ docker run -it --rm --device /dev/sgx/enclave --device /dev/sgx/provision myname/my-anjuna-runtime

Docker launches the image and displays a bash prompt. When you run bash in the Docker image this way, you are logged in as root inside the Docker container.

For more information about how to interact with the Docker image, see the Docker command line documentation.

For more information about working with your new install of the Anjuna Runtime, see the First Steps section.

Using the bash prompt you should be able to run the tools provided by the Anjuna SGX Runtime. For example, you can check the current version of the Anjuna SGX Runtime like this:

# anjuna-sgxrun --version
Anjuna Runtime version release-1.38.0007

You can also run a standard Linux command-line tool, like ls:

# anjuna-sgxrun ls -al

When you run ls this way, you’ll see much more output than usual. The Anjuna SGX Runtime sets up a secure enclave in which to run the command. The extra output is produced as the Anjuna SGX Runtime generates configuration files, sets up the enclave, and prepares to run the command in the protected context.

At the end of the output from the Anjuna SGX Runtime, you’ll see the normal output of the ls command.

Following is an example of what the output looks like:

# anjuna-sgxrun ls -al
"manifest.template.yaml" created
Compiled manifest written to ls.manifest.sgx
"ls.manifest.sgx" created
"ls.sig" created
Starting "/bin/ls" in Anjuna Runtime
+ exec Runtime/anjuna-runtime --dev /bin/ls -al
[   25] Anjuna Runtime version release-1.38.0007, Copyright (C) Anjuna Security, Inc. All rights reserved.
[   25] Enclave initialized:
[   25]     Enclave base address:           0x0000000800000000
[   25]     Enclave size:                   2GB
[   25]     Maximum number of threads:      64
[   25]     Enclave attributes:             0x0000000000000006
[   25]     Enclave SSA frame size:         1
[   25]     Enclave MRSIGNER:               c0566a320edb50671e19dc3f05f62d04b6d7d3e25abeda5713df5ebc0258e3ac
[   25]     Enclave MRENCLAVE:              3dc36a2411cf8e5da934ecbd3c207bbbf3c035be9c2f516228a1842e0de6769c
/bin/ls: .profile: Function not implemented
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_compat.so.2
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_compat.so.2
Dev Mode - mapping untrusted library: /lib/x86_64-linux-gnu/libnss_nis-2.27.so
Dev Mode - mapping untrusted library: /lib/x86_64-linux-gnu/libnss_nis-2.27.so
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnsl.so.1
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnsl.so.1
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_files.so.2
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_files.so.2
[   25] mmap: runtime does not permit direct file I/O (MAP_SHARED)
[   25] mmap: runtime does not permit direct file I/O (MAP_SHARED)
total 40
drwx------ 1 root root  4096 Nov 25 17:15 .
drwxr-xr-x 1 root root  4096 Nov 25 17:14 ..
-rw-r--r-- 1 root root  3106 Apr  9  2018 .bashrc
-rw-r--r-- 1 root root   148 Aug 17  2015 .profile
lrwxrwxrwx 1 root root    19 Nov 25 17:15 Runtime -> /anjuna/bin/Runtime
-rw------- 1 root root  1006 Nov 25 17:15 ls.manifest.sgx
-rw------- 1 root root  1808 Nov 25 17:15 ls.sig
-rw-r--r-- 1 root root 10887 Nov 25 17:15 manifest.template.yaml