Remove fish and busybox binaries from entrypoints to make it more secure

demos/fish/README.md

@@ -21,6 +21,13 @@ inside Occlum. `echo`, `awk`, `cat` here are actually symbolic files linked to b
 to write `busybox` prefix. The `command` keyword tells FISH that `echo` is an external command because FISH also provides
 builtin `echo` command.
 
+The script can be executed by Occlum directly as shown below:
+```
+occlum run /bin/fish_script.sh
+```
+As demonstrated here, Occlum supports executing any script file that begins with a [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix))
+at its first line by invoking the interpreter program specified with the shebang.
+
 ## Step 1:
 Downlaod FISH and busybox and build them with Occlum tool chain:
 ```

demos/fish/fish_script.sh

@@ -1,3 +1,3 @@
-#! /bin/fish
+#! /usr/bin/fish
 command echo "Hello-world-from-fish" | awk '$1=$1' FS="-" OFS=" " > /root/output.txt
 cat /root/output.txt

demos/fish/run_fish_test.sh

@@ -4,16 +4,17 @@ set -e
 rm -rf occlum-context
 mkdir occlum-context && cd occlum-context
 occlum init
+mkdir -p image/usr/bin
 cp ../Occlum.json .
-cp ../fish-shell/build/fish image/bin
+cp ../fish-shell/build/fish image/usr/bin
-cp ../busybox/busybox image/bin
+cp ../busybox/busybox image/usr/bin
-cp ../fish_script.sh image
+cp ../fish_script.sh image/bin
 pushd image/bin
-ln -s /bin/busybox cat
+ln -s /usr/bin/busybox cat
-ln -s /bin/busybox echo
+ln -s /usr/bin/busybox echo
-ln -s /bin/busybox awk
+ln -s /usr/bin/busybox awk
 popd
 
 occlum build
 echo -e "\nBuild done. Running fish script ..."
-occlum run /bin/fish /fish_script.sh
+occlum run /bin/fish_script.sh