Occlum-Compatible Executable Binaries
The hello_world
demo is based on musl libc with recompiling. But Occlum actually can support both musl libc
and glibc
based executable binaries without recompiling if they meet below three principles.
No fork syscall
By design, Occlum doesn’t support fork
syscall. If there is fork
syscall in the application, users have to assess if the fork
could be replaced by vfork + exec
or posix spawn
. If yes, code modification and recompiling is inevitable.
libc version compatibility
No recompiling doesn’t mean the original libc
libraries can be directly used in Occlum. To run in Occlum TEE environment, customized libc
libraries are provided in the Occlum development docker image.
libc | Compatible Version in Occlum | Path in Occlum Docker Image |
---|---|---|
musl libc | <=1.1.24 (default version in Alpine:3.11) |
/usr/local/occlum/x86_64-linux-musl/lib/ |
glibc | <=2.31 (default version in Ubuntu:20.04) |
/opt/occlum/glibc/lib/ |
Actually, the original libc
libraries are to be replaced silently in Occlum build
stage by copy_bom
tool.
Compiled with PIE (Position-Independent-Executable)
Current Ubuntu:20.04 and Alpine:3.11 enable PIE
in default.