-
Notifications
You must be signed in to change notification settings - Fork 193
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[LibOS,PAL,Docs] Introduce etc passthrough
The first `etc` passthrough file is the `/etc/hostname`. Gramine reads the option to global PAL state, and LibOS uses it to create a pseudo file with its content. Gramine sanitizes hostname. It requires that it is a valid domain. This is a difference from Linux, as Linux accepts any hostname value. That said, Linux doesn't assume that the root user tries to exploit it through hostname, and Gramine should. Gramine uses pseudofs for `etc` passthrough. Signed-off-by: Mariusz Zaborski <[email protected]>
- Loading branch information
Showing
29 changed files
with
489 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
/* SPDX-License-Identifier: LGPL-3.0-or-later */ | ||
/* Copyright (C) 2022 Intel Corporation | ||
* Mariusz Zaborski <[email protected]> | ||
*/ | ||
|
||
/* | ||
* This file contains the implementation of `etc` passthrough. | ||
*/ | ||
|
||
#include "libos_checkpoint.h" | ||
#include "libos_fs.h" | ||
#include "libos_fs_pseudo.h" | ||
|
||
static int provide_etc_hostname(struct libos_dentry* dent, char** out_data, size_t* out_size) { | ||
__UNUSED(dent); | ||
/* Use the string (without null terminator) as file data */ | ||
size_t size = strlen(g_pal_public_state->hostname); | ||
char* data = malloc(size); | ||
if (!data) | ||
return -ENOMEM; | ||
memcpy(data, g_pal_public_state->hostname, size); | ||
*out_data = data; | ||
*out_size = size; | ||
return 0; | ||
} | ||
|
||
int init_etc(void) { | ||
pseudo_add_str(NULL, "hostname", &provide_etc_hostname); | ||
return 0; | ||
} | ||
|
||
int init_mount_etc(void) { | ||
int ret; | ||
|
||
if (!g_pal_public_state->passthrough_etc_files) | ||
return 0; | ||
|
||
ret = mount_fs(&(struct libos_mount_params){ | ||
.type = "pseudo", | ||
.path = "/etc/hostname", | ||
.uri = "hostname", | ||
}); | ||
if (ret < 0) | ||
return ret; | ||
|
||
return 0; | ||
} | ||
|
||
BEGIN_CP_FUNC(etc_info) { | ||
__UNUSED(size); | ||
__UNUSED(obj); | ||
__UNUSED(objp); | ||
|
||
/* Propagate hostname */ | ||
size_t off = ADD_CP_OFFSET(sizeof(g_pal_public_state->hostname) + | ||
sizeof(g_pal_public_state->passthrough_etc_files)); | ||
char* new_hostname = (char*)(base + off); | ||
memcpy(new_hostname, g_pal_public_state->hostname, sizeof(g_pal_public_state->hostname)); | ||
|
||
/* Propagate passthrough_etc_files */ | ||
bool* new_passthrough_etc_files = (bool*)(new_hostname + | ||
sizeof(g_pal_public_state->hostname)); | ||
*new_passthrough_etc_files = g_pal_public_state->passthrough_etc_files; | ||
ADD_CP_FUNC_ENTRY(off); | ||
} | ||
END_CP_FUNC(etc_info) | ||
|
||
BEGIN_RS_FUNC(etc_info) { | ||
__UNUSED(offset); | ||
__UNUSED(rebase); | ||
|
||
const char* hostname = (const char*)(base + GET_CP_FUNC_ENTRY()); | ||
memcpy(&g_pal_public_state->hostname, hostname, sizeof(g_pal_public_state->hostname)); | ||
|
||
g_pal_public_state->passthrough_etc_files = *(bool*)(hostname + | ||
sizeof(g_pal_public_state->hostname)); | ||
} | ||
END_RS_FUNC(etc_info) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
#define _DEFAULT_SOURCE BSD /* This is required for gethostname */ | ||
|
||
#include <sys/wait.h> | ||
#include <errno.h> | ||
#include <fcntl.h> | ||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <string.h> | ||
#include <unistd.h> | ||
|
||
static void test_fork(const char* tag, const char* name, void (*f)(const char*, const char*)) { | ||
int status; | ||
|
||
pid_t pid = fork(); | ||
if (pid == -1) { | ||
printf("Unable to fork %s\n", tag); | ||
exit(1); | ||
} | ||
|
||
if (pid == 0) { | ||
f(tag, name); | ||
exit(0); | ||
} | ||
|
||
if (wait(&status) == -1) { | ||
printf("Wait failed %s\n", tag); | ||
exit(1); | ||
} | ||
|
||
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { | ||
printf("Test failed %s\n", tag); | ||
exit(1); | ||
} | ||
} | ||
|
||
static void test_gethostname(const char* tag, const char* name) { | ||
char buf[512] = {0}; | ||
|
||
if (gethostname(buf, sizeof(buf)) != 0) { | ||
printf("%sgethostname: failed %d\n", tag, errno); | ||
exit(1); | ||
} | ||
|
||
if (strcmp(buf, name) != 0) { | ||
printf("%sgethostname dosen't match hostname (expected: %s, got: %s)\n", | ||
tag, name, buf); | ||
exit(1); | ||
} | ||
} | ||
|
||
static void test_etc_hostname(const char* tag, const char* name) { | ||
char buf[512] = {0}; | ||
int fd; | ||
|
||
fd = open("/etc/hostname", O_RDONLY); | ||
|
||
/* | ||
* If the etc hostname was not provided, assume that etc shouldn't exists. | ||
*/ | ||
if (strcmp(name, "") == 0) { | ||
if (fd != -1 || errno != ENOENT) { | ||
printf("The etc file shouldn't exists, but exists\n"); | ||
exit(1); | ||
} | ||
return; | ||
} | ||
|
||
if (fd == -1) { | ||
printf("Unable to open /etc/hostname in %s\n", tag); | ||
exit(1); | ||
} | ||
|
||
int ret = read(fd, buf, sizeof(buf)); | ||
if (ret <= 0) { | ||
printf("Unable to read /etc/hostname in %s\n", tag); | ||
exit(1); | ||
} | ||
|
||
/* | ||
* Sometimes etc hostname might have a trailing '\n', gramine is romving it, | ||
* do the same in the test. | ||
*/ | ||
size_t len = strlen(buf); | ||
if (len > 0 && buf[len - 1] == '\n') { | ||
buf[len - 1] = '\0'; | ||
} | ||
|
||
if (strcmp(buf, name) != 0) { | ||
printf("%s etc don't have a expected value (expected: %s, got: %s)\n", | ||
tag, name, buf); | ||
exit(1); | ||
} | ||
} | ||
|
||
int main(int argc, char** argv) { | ||
if (argc != 3) { | ||
printf("Usage: %s [hostname] [etc_hostname]\n", argv[0]); | ||
return 1; | ||
} | ||
|
||
test_gethostname("", argv[1]); | ||
test_etc_hostname("", argv[2]); | ||
test_fork("fork gethostname", argv[1], test_gethostname); | ||
test_fork("fork etc gethostname", argv[2], test_etc_hostname); | ||
|
||
printf("hostname test passed\n"); | ||
return 0; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
loader.entrypoint = "file:{{ gramine.libos }}" | ||
libos.entrypoint = "hostname" | ||
|
||
loader.env.LD_LIBRARY_PATH = "/lib" | ||
loader.insecure__use_cmdline_argv = true | ||
|
||
fs.mounts = [ | ||
{ path = "/lib", uri = "file:{{ gramine.runtimedir(libc) }}" }, | ||
{ path = "/hostname", uri = "file:{{ binary_dir }}/hostname" }, | ||
] | ||
|
||
sgx.debug = true | ||
sgx.nonpie_binary = true | ||
sgx.thread_num = 16 | ||
|
||
sgx.trusted_files = [ | ||
"file:{{ gramine.libos }}", | ||
"file:{{ gramine.runtimedir(libc) }}/", | ||
"file:{{ binary_dir }}/hostname", | ||
] | ||
|
||
libos.passthrough_etc_files = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
/* SPDX-License-Identifier: LGPL-3.0-or-later */ | ||
/* Copyright (C) 2022 Intel Corporation | ||
* Mariusz Zaborski <[email protected]> | ||
*/ | ||
|
||
#pragma once | ||
|
||
#include "pal.h" | ||
|
||
/* Function to fetch the hostname */ | ||
int get_hostname(char* hostname, size_t size); |
Oops, something went wrong.