From ebd3608e4a1c93079b95b04bd66c4f5f4eaa328a Mon Sep 17 00:00:00 2001 From: "Tate, Hongliang Tian" Date: Sat, 12 Oct 2019 05:27:46 +0000 Subject: [PATCH] Start up AESM service automatically in Docker --- README.md | 14 +++++--------- tools/docker/Dockerfile | 8 ++++++++ tools/docker/start_aesm.sh | 5 +++++ 3 files changed, 18 insertions(+), 9 deletions(-) create mode 100755 tools/docker/start_aesm.sh diff --git a/README.md b/README.md index 7a4122fa..8a3d4cd9 100644 --- a/README.md +++ b/README.md @@ -114,28 +114,24 @@ Step 1-4 are to be done on the host OS: ``` Step 5-9 are to be done on the guest OS running inside the container: -5. Start the AESM service required by Intel SGX SDK - ``` - /opt/intel/sgxpsw/aesm/aesm_service & - ``` -6. (Optional) Try the sample code of Intel SGX SDK +5. (Optional) Try the sample code of Intel SGX SDK ``` cd /opt/intel/sgxsdk/SampleCode/SampleEnclave && make && ./app ``` -7. Prepare the submodules required by Occlum LiboS +6. Prepare the submodules required by Occlum LiboS ``` cd /root/occlum/ && make submodule ``` -8. Compile and test Occlum LibOS +7. Compile and test Occlum LibOS ``` cd /root/occlum && make && make test ``` -9. Install Occlum LibOS +8. Install Occlum LibOS ``` cd /root/occlum && sudo make install ``` which will install the occlum command-line tool. -10. Try the Hello World sample project +9. Try the Hello World sample project ``` cd /root/occlum/demo/hello_world && make test ``` diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile index 38a57ff3..cd62ee1d 100644 --- a/tools/docker/Dockerfile +++ b/tools/docker/Dockerfile 
@@ -72,4 +72,12 @@ WORKDIR /tmp/gcc
 RUN ./build.sh
 ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
 
+# Start AESM service automatically
+#
+# To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
+# as a "real" service since the pid 1 is not systemd in Docker. So we start
+# up AESM service when an user login with an interative shell.
+COPY docker/start_aesm.sh /root
+RUN echo './root/start_aesm.sh' >> /root/.bashrc
+
 WORKDIR /root
diff --git a/tools/docker/start_aesm.sh b/tools/docker/start_aesm.sh
new file mode 100755
index 00000000..a5f4108b
--- /dev/null
+++ b/tools/docker/start_aesm.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# Start AESM service required by Intel SGX SDK if it is not running
+if ! pgrep "aesm_service" > /dev/null ; then
+ /opt/intel/sgxpsw/aesm/aesm_service
+fi
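Review bot: In tools/docker/Dockerfile the line appended to /root/.bashrc is `./root/start_aesm.sh`, a path relative to the shell's current directory, while the script is copied to /root and the image ends with `WORKDIR /root`; a login shell starting there would look for /root/root/start_aesm.sh and AESM would not start. Because .bashrc runs as root, a relative path also means a shell started in another directory (for example a bind-mounted workspace) executes whatever `root/start_aesm.sh` exists beneath it. Use the absolute path: `RUN echo '/root/start_aesm.sh' >> /root/.bashrc`. The comment block could also state that non-interactive `docker exec` or `docker run <cmd>` invocations do not read .bashrc and therefore get no AESM.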
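Review bot: tools/docker/start_aesm.sh ignores the result of launching `/opt/intel/sgxpsw/aesm/aesm_service`, so when the service cannot start (possibly because the SGX device was not passed to the container; the run command is not part of this patch) every shell opens silently and enclave loads fail later with an unrelated-looking error. Report the failure where it happens: `/opt/intel/sgxpsw/aesm/aesm_service || echo "start_aesm.sh: aesm_service failed to start" >&2`. `pgrep "aesm_service"` matches any process whose name contains that string; `pgrep -x aesm_service` restricts the check to the exact name. A header comment noting that the script is invoked from /root/.bashrc, as root, on every interactive shell would document the privilege it runs with.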