This demo will show Occlum's support in shell script.
Occlum now only supports FISH (the friendly interactive shell, https://github.com/fish-shell/fish-shell) for now
because FISH initially use posix_spawn()
to create process.
This shell script works with BusyBox (the Swiss army knife of embedded Linux, https://busybox.net/). BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc.
This shell script contains executable binaries, pipe symbols and output redirection like this:
command echo "Hello-world-from-fish" | awk '$1=$1' FS="-" OFS=" " > /root/output.txt
cat /root/output.txt
which is defined in fish_script.sh
. awk
will replace -
to space
and should output result
string Hello world from fish
and store in /root/output.txt
of Occlum SEFS and can only be read
inside Occlum. echo
, awk
, cat
here are actually symbolic files linked to busybox and in this way, we don't need
to write busybox
prefix. The command
keyword tells FISH that echo
is an external command because FISH also provides
builtin echo
command.
The script can be executed by Occlum directly as shown below:
occlum run /bin/fish_script.sh
As demonstrated here, Occlum supports executing any script file that begins with a shebang at its first line by invoking the interpreter program specified with the shebang.
Download FISH and busybox and build them with Occlum tool chain:
./download_and_build.sh
Run command to prepare context and execute script:
./run_fish_test.sh
Or if this demo is running on non-SGX platform, use:
SGX_MODE=SIM ./run_fish_test.sh
And you should see Hello world from fish
.
Resource configuration for application running in Occlum is done only in Occlum.json
. And only default size (mmap, heap, stack) can be
configured. Since Occlum will claim all the memory space at initializtion, if an application doesn't really need the size as big as defined
in Occlum.json
, the exceeding memory space is wasted. If two applications are running, one of which needs only a small amount of space while
the other needs a lot more, it is better to run with per-process resource configuration.
We achieve this with help of prlimit
syscall (https://man7.org/linux/man-pages//man2/prlimit.2.html) and FISH shell built-in command
ulimit
(https://fishshell.com/docs/current/cmds/ulimit.html). Thus, the application must be run in shell script. An example could be like this:
#! /usr/bin/fish
ulimit -a
# ulimit defined below will override configuration in Occlum.json
ulimit -Ss 10240 # stack size 10M
ulimit -Sd 40960 # heap size 40M
ulimit -Sv 102400 # virtual memory size 100M (including heap, stack, mmap size)
echo "ulimit result:"
ulimit -a
# Run applications with the new resource limits
...
Below steps illustrate this usage:
Run command:
./run_per_process_config_test.sh --without-ulimit
This test will fail because ulimit
commands are commented out and the default memory size defined in Occlum.json is too small for application to run.
Run command:
./run_per_process_config_test.sh
With the resource limits updated by ulimit
command, the test can now pass.