general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Substitute ramFS with a temporary SEFS at "/tmp"

Browse Source
This commit is contained in:
LI Qing 2020-07-21 13:56:08 +08:00 committed by Tate, Hongliang Tian
parent b04aa2d7ea
commit 3f6bcec1c5
9 changed files with 53 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -152,7 +152,10 @@ Occlum can be configured easily via a config file named `Occlum.json`, which is
},
{
"target": "/tmp",
"type": "ramfs"
"type": "sefs",
"options": {
"temporary": true
}
}
]
}

2
deps/sefs vendored

@ -1 +1 @@
Subproject commit fcb81443be49344e26fc1017534f1a6eec397d49
Subproject commit f06c02dfc5fa91cb9be7574f1882cdab863673f1

5
etc/template/Occlum.json
View File

@ -54,7 +54,10 @@
},
{
"target": "/tmp",
"type": "ramfs"
"type": "sefs",
"options": {
"temporary": true
}
}
]
}

4
src/libos/src/config.rs
View File

@ -131,6 +131,7 @@ pub struct ConfigMountOptions {
pub integrity_only: bool,
pub mac: Option<sgx_aes_gcm_128bit_tag_t>,
pub layers: Option<Vec<ConfigMount>>,
pub temporary: bool,
}
impl Config {
@ -249,6 +250,7 @@ impl ConfigMountOptions {
integrity_only,
mac,
layers,
temporary: input.temporary,
})
}
}
@ -385,4 +387,6 @@ struct InputConfigMountOptions {
pub mac: Option<String>,
#[serde(default)]
pub layers: Option<Vec<InputConfigMount>>,
#[serde(default)]
pub temporary: bool,
}

12
src/libos/src/fs/rootfs.rs
View File

@ -111,7 +111,8 @@ fn mount_nonroot_fs_according_to(mount_config: &Vec<ConfigMount>, root: &MNode)
return_errno!(EINVAL, "Source is expected for SEFS");
}
let source_path = mc.source.as_ref().unwrap();
let sefs = {
let sefs = if !mc.options.temporary {
{
SEFS::open(
Box::new(SgxStorage::new(source_path, false, None)),
&time::OcclumTimeProvider,
@ -124,7 +125,14 @@ fn mount_nonroot_fs_according_to(mount_config: &Vec<ConfigMount>, root: &MNode)
&time::OcclumTimeProvider,
&SgxUuidProvider,
)
})?;
})?
} else {
SEFS::create(
Box::new(SgxStorage::new(source_path, false, None)),
&time::OcclumTimeProvider,
&SgxUuidProvider,
)?
};
mount_fs_at(sefs, &root, target_dirname)?;
}
TYPE_HOSTFS => {

12
src/libos/src/fs/sefs/sgx_storage.rs
View File

@ -8,6 +8,7 @@ use std::io::{Read, Seek, SeekFrom, Write};
use std::path::{Path, PathBuf};
use std::sgxfs::{remove, OpenOptions, SgxFile};
use std::sync::{Arc, SgxMutex as Mutex};
use std::untrusted::fs;
pub struct SgxStorage {
path: PathBuf,
@ -157,6 +158,17 @@ impl Storage for SgxStorage {
fn is_integrity_only(&self) -> bool {
self.integrity_only
}
fn clear(&self) -> DevResult<()> {
for child in fs::read_dir(&self.path).expect("faild to read dir") {
let child = child.expect("faild to get dir entry");
remove(&child.path()).expect("failed to remove SgxFile");
}
// clear cache
let mut caches = self.file_cache.lock().unwrap();
caches.clear();
Ok(())
}
}
#[derive(Clone)]

5
test/Occlum.json
View File

@ -57,7 +57,10 @@
},
{
"target": "/tmp",
"type": "ramfs"
"type": "sefs",
"options": {
"temporary": true
}
}
]
}

1
tools/occlum
View File

@ -236,6 +236,7 @@ cmd_build() {
fi
mkdir -p "$context_dir/run/mount/__ROOT"
mkdir -p "$context_dir/run/mount/tmp"
ln -s $occlum_dir/build/bin/occlum_exec_client $context_dir/build/bin/occlum_exec_client
ln -s $occlum_dir/build/bin/occlum_exec_server $context_dir/build/bin/occlum_exec_server

6
tools/occlum-gen-default-occlum-json
View File

@ -44,7 +44,11 @@ cat <<EOF
},
{
"target": "/tmp",
"type": "ramfs"
"type": "sefs",
"source": "$OCCLUM_INSTANCE_DIR/run/mount/tmp",
"options": {
"temporary": true
}
}
],
"env": $OCCLUM_CONF_ENV,