entrypoint.manifest.template
# Base Gramine manifest template for the image entrypoint. It is a Jinja template
# that renders to TOML; the template variables used below are binary, working_dir,
# debug and insecure_args.
# NOTE(review): binary and working_dir are substituted into quoted TOML strings
# as-is. Confirm the generator rejects values containing quotes or newlines,
# because such a value would change the structure of the rendered manifest.

# Application executable started inside the enclave.
libos.entrypoint = "/{{binary}}"
# Gramine LibOS shared object, taken from the Gramine build tree at a fixed path.
loader.preload = "file:/gramine/meson_build_output/lib/x86_64-linux-gnu/gramine/libsysdb.so"
# LD_LIBRARY_PATH and PATH are set explicitly in the manifest. The nested template
# expressions render to literal placeholders on this pass; presumably a later
# rendering pass fills in the library and executable search paths - confirm
# against the generator script.
loader.env.LD_LIBRARY_PATH = "/gramine/meson_build_output/lib/x86_64-linux-gnu/gramine/runtime/glibc:{{"{{library_paths}}"}}"
loader.env.PATH = "{{"{{env_path}}"}}"
# Debug builds log everything, all other builds log errors only.
# NOTE(review): log output leaves the enclave, so a debug manifest can expose
# application details to the host; keep debug off for production images.
loader.log_level = {% if debug %} "all" {% else %} "error" {% endif %}
# The root of the host-side filesystem is mounted as the root inside Gramine.
# NOTE(review): the mount only makes paths reachable. Which files the enclave
# will actually open, and with what integrity guarantee, presumably depends on
# the trusted/allowed file entries appended after this template - verify there.
fs.root.type = "chroot"
fs.root.path = "/"
fs.root.uri = "file:/"
# Gramine's default working dir is '/', so change the working directory to the desired one
fs.start_dir = "{{working_dir}}"
# Enabled unconditionally so that non-PIE executables can be loaded.
sgx.nonpie_binary = true
{% if insecure_args %}
# !! INSECURE !! Allow passing command-line arguments from the host without validation.
# Most Docker images rely on runtime arguments and hence, a more general technique is required.
# The issue is documented at https://github.com/gramineproject/graphene/issues/1520.
# With this branch the argument vector is chosen by the untrusted host at launch
# and is not fixed by the signed manifest, so the application must treat every
# argument as untrusted input. Intended for development and testing only.
loader.argv0_override = "{{binary}}"
loader.insecure__use_cmdline_argv = true
{% else %}
# Default branch: arguments are read from /trusted_argv instead of the host
# command line. The same file is registered as a trusted file, so its contents
# are covered by Gramine's trusted-file integrity check.
loader.argv_src_file = "file:/trusted_argv"
sgx.trusted_files.trusted_argv = "file:/trusted_argv"
{% endif %}
# All trusted files and the user defined manifest specifications should be after this line