Enable SGX inside LXD

Hello, I’m trying to launch apps that heavily rely on SGX in LXD containers. The apps are already inside Docker images, so I need to pass SGX through LXD to Docker.
I’ve tried a profile with:

path: /dev/isgx
source: /dev/isgx
type: disk

But it failed.
What can you advise in such a case?

Most likely you need unix-char here instead of disk.

Khm…

lxc mycontainer 20210401165223.727 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1099 - If you really want to start this container, set
lxc mycontainer 20210401165223.727 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1100 - lxc.apparmor.allow_incomplete = 1
lxc mycontainer 20210401165223.727 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1101 - in your container configuration file
lxc mycontainer 20210401165223.727 ERROR    start - start.c:lxc_init:832 - Failed to initialize LSM
lxc mycontainer 20210401165223.727 ERROR    start - start.c:__lxc_start:1945 - Failed to initialize container "mycontainer"
lxc mycontainer 20210401165224.261 ERROR    conf - conf.c:run_buffer:314 - Script exited with status 1
lxc mycontainer 20210401165224.261 ERROR    start - start.c:lxc_end:958 - Failed to run lxc.hook.post-stop for container "mycontainer"
lxc mycontainer 20210401165224.261 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:851 - No such file or directory - Failed to receive the container state
lxc 20210401165224.262 WARN     commands - commands.c:lxc_cmd_rsp_recv:126 - Connection reset by peer - Failed to receive response for command "get_state"

How do I set lxc.apparmor.allow_incomplete = 1?

That’s a good question. And were you ever able to get the SGX device available inside the containers?