Segmentation fault when running docker-compose

I have a tricky problem that I need to solve.

Here is the context. First, the Dockerfile I am using:

#######################################################################
# BUILDER
# Builds Toolset, SDK/PSW installer
#######################################################################
FROM ubuntu:20.04 as builder
ENV TZ=Europe/Paris
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apt-get update -qq && apt-get install  -y -qq \
    autoconf \
    automake \
    build-essential \
    cmake \
    curl \
    debhelper \
    git \
    libcurl4-openssl-dev \
    libprotobuf-dev \
    libssl-dev \
    libtool \
    lsb-release \
    ocaml \
    ocamlbuild \
    protobuf-compiler \
    python \
    wget \
    unzip
RUN mkdir -p /opt/intel

# retrieve SDK source from repo
RUN git clone https://github.com/intel/linux-sgx.git
WORKDIR /linux-sgx

# prepare toolset
RUN make preparation
RUN ls -lisa external/toolset/ubuntu20.04
RUN cp /linux-sgx/external/toolset/ubuntu20.04/as /usr/local/bin
RUN cp /linux-sgx/external/toolset/ubuntu20.04/ld /usr/local/bin
RUN cp /linux-sgx/external/toolset/ubuntu20.04/ld.gold /usr/local/bin
RUN cp /linux-sgx/external/toolset/ubuntu20.04/objdump /usr/local/bin

# build SDK from source
RUN make sdk_install_pkg_no_mitigation

# install the SDK
WORKDIR /opt/intel
RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin'

# build PSW from source
WORKDIR /linux-sgx
RUN make psw_install_pkg


#######################################################################
# AESM
# Retrieves PSW installer from BUILDER, installs it and starts
# AESM service
#######################################################################
FROM ubuntu:20.04 as aesm
RUN apt-get update && apt-get install -y libcurl4 libprotobuf17 libssl1.1 make
WORKDIR /installer
COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./
RUN ./sgx_linux_x64_psw*.bin --no-start-aesm
USER aesmd
WORKDIR /opt/intel/sgxpsw/aesm/
ENV LD_LIBRARY_PATH=.
CMD ./aesm_service --no-daemon

So far, it works perfectly. Then the docker-compose file:

version: '3.7'

services:
  aesm:
    build:
      context: .
      dockerfile: DockerfileNew
      network: host
    image: aesm
    user: aesmd
    devices:
      - /dev/isgx
    environment:
      - http_proxy
      - https_proxy
    volumes:
      - aesmd-socket:/var/run/aesmd
    stdin_open: true
    tty: true

volumes:
  aesmd-socket:
    driver: local
    driver_opts:
      type: "tmpfs"
      device: "tmpfs"
      o: "rw"

When I run it with docker-compose -f mydockercomposefile.yaml up --remove-orphans, I immediately get a segmentation fault from the container, with no other error.

But! Here comes the interesting part... When I use these commands, the container works fine:

docker build --target aesm \
             --build-arg https_proxy=$https_proxy \
             --build-arg http_proxy=$http_proxy \
              -t sgx_aesm -f ./DockerfileNew .

docker volume create --driver local \
                     --opt type=tmpfs \
                     --opt device=tmpfs \
                     --opt o=rw aesmd-socket

docker run --env http_proxy \
           --env https_proxy \
           --device=/dev/isgx \
           -v /dev/log:/dev/log \
           -v aesmd-socket:/var/run/aesmd \
           -it sgx_aesm

This is really driving me crazy. Can anyone help?
