Gramine GSC - Docker Container Communication via Docker DNS

Tiago

unread,

Jul 10, 2023, 9:57:39 AMJul 10

to us...@gramineproject.io

Hello I have a question regarding Gramine Shielded Containers,

I managed to build and sign a container using gsc.

Now I am trying to reach another container in this graminized docker using another container name as hostname, and I am getting the following error:

hostname resolving error (lookup another-container on 168.63.129.16:53: no such host)

Question:

For communication between containers do both of them need to be build and signed using gsc?

I guess an gsc container can't reach a standard docker container?

In that case, if all need to be built and signed by gsc, can at least the "another-container" not use sgx at all? Because I don't have that requirement, can be a graminized docker container but without sgx support?

Thank you!

Looking forward for your reply,

Best regards,

Tiago

Kenny

unread,

Aug 2, 2023, 3:29:21 AMAug 2

to Gramine Users

Hi,

At first a Docker image has to be graminized via the gsc build command. When the graminized image should run within an Intel SGX enclave, the image has to be signed via a gsc sign-image command. Subsequently, the image can be run using docker run.

Refer link for more information.

Regards,

Ken

Kenny

unread,

Aug 3, 2023, 9:57:53 PMAug 3

to Gramine Users

Hi,

I hope the information I provided was helpful to you. Do you need further help with this issue?

Please inform us if you have any questions. Thank you.

Regards,

Ken

Michał Kowalczyk

unread,

Aug 16, 2023, 3:10:14 AMAug 16

to Tiago, us...@gramineproject.io

This looks like a network problem. It should work correctly if you use https://gramine.readthedocs.io/en/latest/manifest-syntax.html#domain-names-configuration option, if it doesn't then you'll need some DNS config debugging :)