4. July 2022 #716
dimakuv started this conversation in Meeting notes
[ People located in the US were missing because of Independence Day ]

Agenda
(please write your proposed agenda items in comments under this discussion)
- `etc/` files, see RFC: Sanitization of `/etc/` files #689
- `docker-entrypoint.sh`.
- @vans163's proposal to send a machine for CI
- Mentoring new, potential contributors

Sanitization of `etc/` runtime files

All discussion is reproduced here: #689 (comment)

GSC and "preparing the environment" ENTRYPOINT scripts

Problem: many Docker images have special "prepare the environment then start the actual binary" scripts as the Docker-container ENTRYPOINT. Case in point: `docker-entrypoint.sh` of Redis.

If this Redis image is taken as the base, and GSC is used to build a "graminized" Docker image, then the final Docker image will try to start Gramine on this `docker-entrypoint.sh` script, which means that Gramine will try to execute several admin tools, including `find`, `chown`, `gosu` and `umask`. Gramine was never designed for such administrative tasks: some of these tasks are meaningless and have no side effects when executed by Gramine (leading to hard-to-diagnose failures afterwards), and some of these tasks simply terminate Gramine with an explicit error.

Two solutions proposed:

- `gsc build --entrypoint=<gramine-overriding-entrypoint-script>`.
- `FROM redis; ENTRYPOINT ["./gramine-overriding-entrypoint.sh"]`. `docker build --file intermediate-redis.dockerfile`).

Updates on GitHub development

- `SO_BROADCAST` socket option #686
- `ECONNRESET` to errors allowed from `ocall_recv` #709
- `MSG_DONTWAIT` flag in send syscall #723
- `fadvise` system call: [LibOS] Add `fadvise64` syscall implementation #699
- `/etc/` files: RFC: Sanitization of `/etc/` files #689
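
The ENTRYPOINT problem described in the GSC section above can be caught before an image is graminized. The following is an added example, not part of the meeting notes and not GSC or Gramine code: it scans an entrypoint script for the four tools the notes name and reports the lines that invoke them. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example, not GSC or Gramine code: pre-build lint for ENTRYPOINT scripts.

# Admin tools the notes name as problematic when run under Gramine.
ADMIN_TOOLS="find chown gosu umask"

# Print "<line>:<tool>" for every invocation of a listed tool in script $1.
# Whole-line and trailing comments are blanked first, so a tool that is only
# mentioned in a comment is not reported. Line numbers are preserved.
scan_entrypoint() {
    for tool in $ADMIN_TOOLS; do
        sed -E 's/(^|[[:space:]])#.*$//' "$1" |
            { grep -En "(^|[^[:alnum:]_./-])${tool}([^[:alnum:]_.-]|\$)" || true; } |
            sed -E "s/^([0-9]+):.*/\1:${tool}/"
    done | sort -n
}

# Constructed sample modelled on the kind of script the notes describe
# (not a copy of the real Redis docker-entrypoint.sh).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
# drop privileges with gosu when started as root
if [ "$1" = 'redis-server' ] && [ "$(id -u)" = '0' ]; then
    find . \! -user redis -exec chown redis '{}' +
    exec gosu redis "$0" "$@"
fi
if [ "$(umask)" = '0022' ]; then
    umask 0077
fi
exec "$@"
EOF
}

# Run with --demo to scan the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample "$tmp" && scan_entrypoint "$tmp"; rm -f "$tmp"
fi
```

An empty result means none of the listed tools is invoked; any hit marks a script that needs an overriding entrypoint before Gramine is started on it.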