general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the error of demos with encrypted fs image

Browse Source
This commit is contained in:
LI Qing 2021-03-01 17:40:35 +08:00 committed by Zongmin.Gu
parent c3a02ffc28
commit 7deeccb03b
5 changed files with 43 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
demos/fish/Occlum.json
View File

@ -1,7 +1,7 @@
{
"resource_limits": {
"user_space_size": "512MB",
"kernel_space_heap_size": "32MB",
"kernel_space_heap_size": "64MB",
"kernel_space_stack_size": "1MB",
"max_num_of_threads": 32
},
@ -29,15 +29,24 @@
"mount": [
{
"target": "/",
"type": "sefs",
"source": "./image",
"type": "unionfs",
"options": {
"integrity_only": true
"layers": [
{
"target": "/",
"type": "sefs",
"source": "./build/mount/__ROOT",
"options": {
"MAC": ""
}
},
{
"target": "/root",
"type": "sefs"
"target": "/",
"type": "sefs",
"source": "./run/mount/__ROOT"
}
]
}
},
{
"target": "/host",
@ -46,7 +55,19 @@
},
{
"target": "/tmp",
"type": "ramfs"
"type": "sefs",
"source": "./run/mount/tmp",
"options": {
"temporary": true
}
},
{
"target": "/proc",
"type": "procfs"
},
{
"target": "/dev",
"type": "devfs"
}
]
}

7
src/libos/src/entry.rs
View File

@ -21,6 +21,8 @@ static mut ENCLAVE_PATH: String = String::new();
lazy_static! {
static ref INIT_ONCE: Once = Once::new();
static ref HAS_INIT: AtomicBool = AtomicBool::new(false);
pub static ref ENTRY_POINTS: RwLock<Vec<PathBuf>> =
RwLock::new(config::LIBOS_CONFIG.entry_points.clone());
}
macro_rules! ecall_errno {
@ -292,8 +294,9 @@ fn validate_program_path(target_path: &PathBuf) -> Result<()> {
}
// Check whether the prefix of the program path matches one of the entry points
let is_valid_entry_point = &config::LIBOS_CONFIG
.entry_points
let is_valid_entry_point = &ENTRY_POINTS
.read()
.unwrap()
.iter()
.any(|valid_path_prefix| target_path.starts_with(valid_path_prefix));
if !is_valid_entry_point {

7
src/libos/src/fs/fs_ops/mount.rs
View File

@ -8,7 +8,7 @@ lazy_static! {
}
pub fn do_mount_rootfs(
mount_configs: &Vec<ConfigMount>,
user_config: &config::Config,
user_key: &Option<sgx_key_128bit_t>,
) -> Result<()> {
debug!("mount rootfs");
@ -17,14 +17,15 @@ pub fn do_mount_rootfs(
return_errno!(EPERM, "rootfs cannot be mounted more than once");
}
let new_root_inode = {
let rootfs = open_root_fs_according_to(mount_configs, user_key)?;
let rootfs = open_root_fs_according_to(&user_config.mount, user_key)?;
rootfs.root_inode()
};
mount_nonroot_fs_according_to(&new_root_inode, mount_configs, user_key)?;
mount_nonroot_fs_according_to(&new_root_inode, &user_config.mount, user_key)?;
MOUNT_ONCE.call_once(|| {
let mut root_inode = ROOT_INODE.write().unwrap();
root_inode.fs().sync().expect("failed to sync old rootfs");
*root_inode = new_root_inode;
*ENTRY_POINTS.write().unwrap() = user_config.entry_points.to_owned();
});
Ok(())
}

5
src/libos/src/fs/syscalls.rs
View File

@ -533,8 +533,7 @@ pub fn do_mount_rootfs(
}
let expected_occlum_json_mac = unsafe { occlum_json_mac_ptr.read() };
let user_config_path = unsafe { format!("{}{}", INSTANCE_DIR, "/build/Occlum.json.protected") };
let user_mount_config =
config::load_config(&user_config_path, &expected_occlum_json_mac)?.mount;
fs_ops::do_mount_rootfs(&user_mount_config, &key)?;
let user_config = config::load_config(&user_config_path, &expected_occlum_json_mac)?;
fs_ops::do_mount_rootfs(&user_config, &key)?;
Ok(0)
}

2
tools/gen_internal_conf/src/main.rs
View File

@ -237,7 +237,7 @@ fn main() {
default_heap_size: occlum_config.process.default_heap_size,
default_mmap_size: occlum_config.process.default_mmap_size,
},
entry_points: occlum_config.entry_points,
entry_points: json!(["/bin"]),
env: occlum_config.env,
mount: gen_sys_mount_config(occlum_conf_init_fs_mac.to_string()),
};