First iteration of etc passthrough
#850
Closed
Commits on Aug 17, 2022
-
[LibOS,PAL,Docs] Introduce etc passthrough
The first `etc` passthrough file is the `/etc/hostname`. Gramine reads the option to global PAL state, and LibOS uses it to create a pseudo file with its content. Gramine sanitizes hostname. It requires that it is a valid domain. This is a difference from Linux, as Linux accepts any hostname value. That said, Linux doesn't assume that the root user tries to exploit it through hostname, and Gramine should. Gramine uses pseudofs for `etc` passthrough. Signed-off-by: Mariusz Zaborski <[email protected]>
Commits on Aug 18, 2022
-
squash! [LibOS,PAL,Docs] Introduce etc passthrough
!TODO use this commit message: [LibOS,PAL,Docs] Introduce etc passthrough (currently only 'hostname') The first `etc` passthrough file is the `/etc/hostname`. Gramine reads the host file to global PAL state, and LibOS uses it to create a pseudo file with its content. Gramine sanitizes hostname. It requires that it is a valid domain. This is a difference from Linux, as Linux accepts any hostname value. That said, Linux doesn't assume that the root user tries to exploit it through hostname, and Gramine should. Gramine uses pseudofs for `etc` passthrough. Signed-off-by: Mariusz Zaborski <[email protected]>
Commits on Aug 21, 2022
-
fixup! [LibOS,PAL,Docs] Introduce etc passthrough
Signed-off-by: Mariusz Zaborski <[email protected]>
Commits on Aug 23, 2022
Commits on Aug 24, 2022
Commits on Aug 31, 2022
-
squash! [LibOS,PAL,Docs] Introduce etc passthrough
!TODO use this commit message: [LibOS,PAL,Docs] Introduce `etc` emulation (currently only 'hostname') Gramine obtains information from a host, sanitizes it, and stores it in the global PAL state. Later, LibOS uses it to create a pseudo file (using pseudofs filesystem). The difference between Linux and Gramine is that Gramine expected the hostname to be a valid domain - as we assume the host is untrusted. In the case of Linux, it doesn't presume that the root user tries to exploit it through a malicious hostname. Signed-off-by: Mariusz Zaborski <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.