From acb0fb24a02b85e3bacb9fccc516920aab57e3e49bbec479485ba794dc6e0e26 Mon Sep 17 00:00:00 2001 From: Olaf Hering Date: Wed, 24 Nov 2021 14:42:52 +0000 Subject: [PATCH] README.vsock_proxy.md OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=12 --- aws-nitro-enclaves-cli.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/aws-nitro-enclaves-cli.spec b/aws-nitro-enclaves-cli.spec index 75a6c2c..9c23984 100644 --- a/aws-nitro-enclaves-cli.spec +++ b/aws-nitro-enclaves-cli.spec @@ -65,9 +65,12 @@ System group %ne_system_group for Nitro Enclaves. %autosetup -p1 -a1 %build +ln vsock_proxy/README.md README.vsock_proxy.md tee README.md <<'_EOR_' Nitro Enclaves are "secondary VMs" running in an EC2 instance. -The "primary VM" releases some of its memory and cpu, which is then used by the enclaves. +Their only storage is the memory which is assigned to them. +Their only way to communicate with the primary is the usage of AF_VSOCK. +The "primary VM" releases some of its memory and cpus, which is then assigned to the enclaves. This is done by nitro-enclaves-allocator.service, which uses %_sysconfdir/nitro_enclaves/allocator.yaml as configuration file. This systemd service has to be enabled manually, and started: @@ -82,7 +85,7 @@ How to build and run an example enclave: systemctl enable docker systemctl start docker docker pull opensuse/leap - tee Dockerfile <<_EOF_ + tee Dockerfile <<'_EOF_' FROM opensuse/leap ENV HELLO="Hello from the enclave side!" COPY hello.sh /bin/hello.sh @@ -105,7 +108,6 @@ _EOF_ nitro-cli run-enclave --eif-path hello.eif --cpu-count 2 --memory 512 --debug-mode sleep 1 nitro-cli console --enclave-id $(nitro-cli describe-enclaves | jq -r ".[0].EnclaveID") - _EOR_ %install mkdir .cargo @@ -202,6 +204,7 @@ chown -v '0:%ne_system_group' "${ld}" %files %doc README.md +%doc README.vsock_proxy.md %doc docs/image_signing.md %license LICENSE %license THIRD_PARTY_LICENSES
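Review bot: In the first hunk (`@@ -65,9 +65,12 @@`), the added README sentence `Their only way to communicate with the primary is the usage of AF_VSOCK.` does not match the example further down in the same heredoc, which starts the enclave with `--debug-mode` and then reads its console from the primary with `nitro-cli console`. I would add one line after it, for instance `With --debug-mode the enclave console is readable from the primary as well; this mode is for development only, and attestation documents then carry all-zero PCRs.`, so the example is not copied unchanged into a production launch. Separately, `ln vsock_proxy/README.md README.vsock_proxy.md` will fail with "File exists" if %build is re-run in an already built tree. `ln -f vsock_proxy/README.md README.vsock_proxy.md` keeps the step repeatable.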
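Review bot: In the second hunk (`@@ -82,7 +85,7 @@`), the example still uses `docker pull opensuse/leap` and `FROM opensuse/leap` with a floating tag, so the image that ends up in the EIF, and therefore its measurements, depends on the day it is built. Quoting the delimiter as `<<'_EOF_'` is a good change, since the Dockerfile is now written literally, but the README could also say how to get a repeatable base. A short line before the `tee Dockerfile` step would do, such as `Pin the base image (FROM opensuse/leap:<TAG> or a digest) if the enclave measurements are used in attestation policies.`, where `<TAG>` is a placeholder. The Dockerfile heredoc body continues past the end of this hunk, so this covers only the visible lines.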