[LibOS] Add
sys.disallowed_syscalls = [ ... ]
manifest option
This commit adds the manifest syntax `sys.disallowed_syscalls = [ ... ]` to specify system calls that are not allowed to be executed in Gramine (i.e. a denylist). This resembles seccomp profiles, though it is significantly less flexible. Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
Showing
12 changed files
with
175 additions
and
0 deletions.
@@ -0,0 +1,37 @@ | ||
#define _GNU_SOURCE | ||
#include <err.h> | ||
#include <errno.h> | ||
#include <stdint.h> | ||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <sys/eventfd.h> | ||
#include <sys/types.h> | ||
#include <unistd.h> | ||
|
||
int main(void) { | ||
int ret; | ||
|
||
errno = 0; | ||
ret = eventfd(0, 0); | ||
if (ret != -1 && errno != ENOSYS) | ||
errx(1, "expected eventfd to fail with -ENOSYS but it returned ret=%d errno=%d", ret, | ||
errno); | ||
|
||
errno = 0; | ||
ret = fork(); | ||
if (ret != -1 && errno != ENOSYS) | ||
errx(1, "expected fork to fail with -ENOSYS but it returned ret=%d errno=%d", ret, errno); | ||
|
||
errno = 0; | ||
ret = getpid(); | ||
if (ret < 0) | ||
errx(1, "expected getpid to succeed but it returned ret=%d errno=%d", ret, errno); | ||
|
||
errno = 0; | ||
ret = gettid(); | ||
if (ret < 0) | ||
errx(1, "expected gettid to succeed but it returned ret=%d errno=%d", ret, errno); | ||
|
||
puts("TEST OK"); | ||
return 0; | ||
} |
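Review bot: The failure checks after the eventfd and fork calls accept any error, not only ENOSYS: with `if (ret != -1 && errno != ENOSYS)` a return value of -1 short-circuits the whole condition, so eventfd failing with e.g. EINVAL, or fork failing with EAGAIN, still reaches `puts("TEST OK")` and the denylist is not actually verified. The intended check on both lines is `if (ret != -1 || errno != ENOSYS)`. If fork is not denied and unexpectedly succeeds, note that the child process also runs into the errx and a second failure line is printed, which is acceptable for a regression test but worth a one-line comment above the fork call.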
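--- a/libos/test/regression/disallowed_syscalls.manifest.template
+++ b/libos/test/regression/disallowed_syscalls.manifest.template
@@ -0,0 +1,32 @@
+loader.entrypoint = "file:{{ gramine.libos }}"
+libos.entrypoint = "{{ entrypoint }}"
+
+loader.env.LD_LIBRARY_PATH = "/lib"
+
+fs.mounts = [
+{ path = "/lib", uri = "file:{{ gramine.runtimedir(libc) }}" },
+{ path = "/{{ entrypoint }}", uri = "file:{{ binary_dir }}/{{ entrypoint }}" },
+]
+
+sys.disallowed_syscalls = [
+# even though glibc wrapper is called eventfd, glibc translates it into eventfd2;
+# we specify both syscall variants to be on the safe side
+"eventfd",
+"eventfd2",
+
+# even though glibc wrapper is called fork, glibc translates it into clone;
+# we specify all syscall variants to be on the safe side
+"fork",
+"vfork",
+"clone",
+"clone3",
+]
+
+sgx.debug = true
+sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
+
+sgx.trusted_files = [
+"file:{{ gramine.libos }}",
+"file:{{ gramine.runtimedir(libc) }}/",
+"file:{{ binary_dir }}/{{ entrypoint }}",
+]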
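Review bot: The comment on the fork group of `sys.disallowed_syscalls` undersells what denying `clone`/`clone3` does: on Linux glibc's pthread_create is also built on clone, so this denylist disables thread creation as well, which the accompanying test does not exercise. A reader copying this template into a real manifest would benefit from that being stated, e.g. `# note: clone/clone3 also back pthread_create, so this denies thread creation too`. Presumably this is acceptable for a single-threaded regression test; if so, say so in the same comment.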