Update README to explain the new Occlum.json format
This commit is contained in:
Tate, Hongliang Tian
parent
ffbae880f2
commit
37ca75da47
40
README.md
40
README.md
@ -65,10 +65,16 @@ The `occlum run` command starts up an Occlum SGX enclave, which, behind the scen
|
|||||||
Occlum can be configured easily via a config file named `Occlum.json`, which is generated by the `occlum init` command in the Occlum context directory. The user can modify `Occlum.json` to config Occlum. A sample of `Occlum.json` is shown below. Some comments are added to provide a brief explanation.
|
Occlum can be configured easily via a config file named `Occlum.json`, which is generated by the `occlum init` command in the Occlum context directory. The user can modify `Occlum.json` to config Occlum. A sample of `Occlum.json` is shown below. Some comments are added to provide a brief explanation.
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
// Virtual memory
|
// Resource limits
|
||||||
"vm": {
|
"resource_limits": {
|
||||||
// The size of memory available for use by LibOS processes
|
// The total size of enclave memory available to LibOS processes
|
||||||
"user_space_size": "128MB"
|
"user_space_size": "256MB",
|
||||||
|
// The heap size of LibOS kernel
|
||||||
|
"kernel_space_heap_size": "32MB",
|
||||||
|
// The stack size of LibOS kernel
|
||||||
|
"kernel_space_stack_size": "1MB",
|
||||||
|
// The max number of LibOS threads/processes
|
||||||
|
"max_num_of_threads": 32
|
||||||
},
|
},
|
||||||
// Process
|
// Process
|
||||||
"process": {
|
"process": {
|
||||||
@ -79,6 +85,14 @@ Occlum can be configured easily via a config file named `Occlum.json`, which is
|
|||||||
// The max size of memory by mmap syscall
|
// The max size of memory by mmap syscall
|
||||||
"default_mmap_size": "32MB"
|
"default_mmap_size": "32MB"
|
||||||
},
|
},
|
||||||
|
// Entry points
|
||||||
|
//
|
||||||
|
// Entry points specify all valid path prefixes for <path> in `occlum run
|
||||||
|
// <path> <args>`. This prevents outside attackers from executing arbitrary
|
||||||
|
// commands inside an Occlum-powered enclave.
|
||||||
|
"entry_points": [
|
||||||
|
"/bin"
|
||||||
|
],
|
||||||
// Environment variables
|
// Environment variables
|
||||||
//
|
//
|
||||||
// This gives a list of environment variables for the "root"
|
// This gives a list of environment variables for the "root"
|
||||||
@ -96,14 +110,16 @@ Occlum can be configured easily via a config file named `Occlum.json`, which is
|
|||||||
"EXAMPLE"
|
"EXAMPLE"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
// Entry points
|
// Enclave metadata
|
||||||
//
|
"metadata": {
|
||||||
// Entry points specify all valid path prefixes for <path> in `occlum run
|
// Enclave signature structure's ISVPRODID field
|
||||||
// <path> <args>`. This prevents outside attackers from executing arbitrary
|
"product_id": 0,
|
||||||
// commands inside an Occlum-powered enclave.
|
// Enclave signature structure's ISVSVN field
|
||||||
"entry_points": [
|
"version_number": 0,
|
||||||
"/bin"
|
// Whether the enclave is debuggable through special SGX instructions.
|
||||||
],
|
// For production enclave, it is IMPORTANT to set this value to false.
|
||||||
|
"debuggable": true
|
||||||
|
},
|
||||||
// Mount points and their file systems
|
// Mount points and their file systems
|
||||||
//
|
//
|
||||||
// Limitation: configuring mount points by modifying this config file is not
|
// Limitation: configuring mount points by modifying this config file is not
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user