[Feature request] enclave-runner: redirect/prefix stdout+stderr #729

@DragonDev1906

Description
Could you please add a way to redirect/process the stdout and stderr of the enclaves, or add a prefix to every line outputted by the enclave?

Problem or Motivation:
I have one runner process running multiple enclaves. Unfortunately this makes it hard to see which output comes from which enclave. Having the ability to redirect the enclave stdout/stderr or adding a prefix to every line would help a lot with that.

Proposed solution:

```rust
let mut builder = enclave_builder.build(&mut device)?;
builder.args(args);
builder.stdout_prefix("[prefix]".to_owned()); // New
builder.stderr_prefix("[prefix]".to_owned()); // New
// builder.stdout(writer); // More flexible alternative
// builder.stderr(writer); // More flexible alternative
builder.run()
```

Which should result in the following output:

```
Line printed by host
[prefix] Line printed by enclave
[prefix] Line printed by enclave
Line printed by host
```

Benefits:
It allows marking output as belonging to the enclave (and to which one). Depending on which methods are provided it can even be more flexible and, for example, allow redirecting that output to a file, without needing a custom user extension or a tcp channel (e.g. for logging).

Additional context:
My main purpose for this is logging and debugging (most of the data and all of the code is not confidential and logging thus won't leak information). Since multiple enclaves are running in the same process I can't distinguish outputs between them without additional context. The only other way to do this at the moment is giving the prefix to the enclave (e.g. as a CLI argument) and including it in the printed message itself.

Yes, in practice you'd likely want to avoid them (extra overhead to copy the bytes, timestamp issues, ...), but having logs (even if disabled in most cases) from within the enclave can significantly improve debug-ability. Especially with regard to panic messages (`std::panic::set_hook`) or other situations that almost never happen.
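
What host-side line prefixing of the kind requested above would look like, as an added example that is not part of the original issue and not enclave-runner code: `LinePrefixWriter` and `demo` are hypothetical names, and the byte strings are constructed sample output. Because the tag is applied by the host per line, an enclave cannot omit it or emit an untagged line by embedding a newline.

```rust
use std::io::{self, Write};

/// Hypothetical adapter (not an enclave-runner type): tags every line written
/// through it with `prefix` before forwarding the bytes to `inner`.
pub struct LinePrefixWriter<W: Write> {
    inner: W,
    prefix: Vec<u8>,
    at_line_start: bool, // true when the next byte begins a new line
}

impl<W: Write> LinePrefixWriter<W> {
    pub fn new(inner: W, prefix: &str) -> Self {
        Self { inner, prefix: format!("{} ", prefix).into_bytes(), at_line_start: true }
    }
    pub fn into_inner(self) -> W { self.inner }
}

impl<W: Write> Write for LinePrefixWriter<W> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        // Split after each '\n' so a line spread over several write() calls is
        // prefixed exactly once, and several lines in one call each get a prefix.
        for chunk in buf.split_inclusive(|&b| b == b'\n') {
            if self.at_line_start {
                self.inner.write_all(&self.prefix)?;
            }
            self.inner.write_all(chunk)?;
            self.at_line_start = chunk.ends_with(b"\n");
        }
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> { self.inner.flush() }
}

/// Constructed sample: output chunks from two enclaves tagged into one log.
pub fn demo() -> String {
    let mut a = LinePrefixWriter::new(Vec::new(), "[enclave-a]");
    let mut b = LinePrefixWriter::new(Vec::new(), "[enclave-b]");
    a.write_all(b"starting\npartial ").unwrap(); // line split across two writes
    a.write_all(b"line\n").unwrap();
    b.write_all(b"panicked at 'boom'\n").unwrap();
    let mut log = a.into_inner();
    log.extend(b.into_inner());
    String::from_utf8(log).unwrap()
}

fn main() {
    print!("{}", demo());
}
```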
