Unable to use JVM (openjdk-15) inside enclave

[spalberg]

Hi SGX-LKL developers,

I am struggling to run a minimal JVM inside the enclave. To be precise:
I am able to run the JVM based of the docker image openjdk:8-jre-alpine3.9.
I now want to run a minimal JVM of a newer Java version (v15 in my case).

This is my Dockerfile to build the image:

FROM openjdk:15-alpine
RUN apk add binutils
RUN jlink --strip-debug --add-modules java.base --output /java

FROM alpine:3.10
COPY --from=0 /java /java
ENV LD_LIBRARY_PATH="/java:/java/bin:/java/lib:/java/lib/server"
CMD ["/java/bin/java", "-version"]

I build and run the image using:

$ docker build -t jvm-15 .
...

$ docker run --rm -it jvm-15
openjdk version "15-ea" 2020-09-15
OpenJDK Runtime Environment (build 15-ea+31)

However, this does not work when I try to use the image with SGX-LKL:

$ sgx-lkl-disk create --cleanup --force --size="100M" --docker="jvm-15" disk.img
...

$ sgx-lkl-cfg create --disk disk.img --host-cfg host-cfg.json --enclave-cfg enclave-cfg.json
...

$ env SGXLKL_ETHREADS=8 sgx-lkl-run-oe --hw-debug --host-config=host-cfg.json --enclave-config=enclave-cfg.json
Invalid argument
Error: trying to exec /java/bin/java.
Check if file exists and permissions are set correctly.

This happens with both --sw-debug and --hw-debug.
The displayed error (Error: trying to exec /java/bin/java. Check if file exists and permissions are set correctly) is thrown by the JVM (see https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/19fb8f93c59dfd791f62d41f332db9e306bc1422/src/java.base/unix/native/libjli/java_md_solinux.c#L471 , https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/master/src/java.base/share/native/libjli/emessages.h#L94) and seems to have something to do with SETENV_REQUIRED and LD_LIBRARY_PATH but I don't know enough about this.

Do you have any ideas why this happens and how to fix this?
Thanks in advance!