This repository has been archived by the owner on Jan 20, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 261
/
python.manifest.template
executable file
·81 lines (63 loc) · 2.65 KB
/
python.manifest.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
libos.entrypoint = "{{ entrypoint }}"
loader.preload = "file:{{ graphene.libos }}"
# Graphene log level
loader.log_level = "{{ log_level }}"
# Read application arguments directly from the command line. Don't use this on production!
loader.insecure__use_cmdline_argv = true
# Propagate environment variables from the host. Don't use this on production!
loader.insecure__use_host_env = true
# Disable address space layout randomization. Don't use this on production!
loader.insecure__disable_aslr = true
# Update Library Path - overwrites environment variable
loader.env.LD_LIBRARY_PATH = "{{ python.stdlib }}/lib:/lib:{{ arch_libdir }}:/usr/lib:/usr/{{ arch_libdir }}"
# Additional memory for Graphene's internal use
loader.pal_internal_mem_size = "512M"
# Default glibc files, mounted from graphene's Runtime directory
fs.mount.lib.type = "chroot"
fs.mount.lib.path = "/lib"
fs.mount.lib.uri = "file:{{ graphene.runtimedir() }}"
# More libraries required by Tensorflow
fs.mount.lib2.type = "chroot"
fs.mount.lib2.path = "{{ arch_libdir }}"
fs.mount.lib2.uri = "file:{{ arch_libdir }}"
fs.mount.usr.type = "chroot"
fs.mount.usr.path = "/usr"
fs.mount.usr.uri = "file:/usr"
fs.mount.bin.type = "chroot"
fs.mount.bin.path = "/bin"
fs.mount.bin.uri = "file:/bin"
fs.mount.pyhome.type = "chroot"
fs.mount.pyhome.path = "{{ python.stdlib }}"
fs.mount.pyhome.uri = "file:{{ python.stdlib }}"
fs.mount.pydisthome.type = "chroot"
fs.mount.pydisthome.path = "{{ python.distlib }}"
fs.mount.pydisthome.uri = "file:{{ python.distlib }}"
fs.mount.pydistpath.type = "chroot"
fs.mount.pydistpath.path = "{{ pythondistpath }}"
fs.mount.pydistpath.uri = "file:{{ pythondistpath }}"
fs.mount.tmp.type = "chroot"
fs.mount.tmp.path = "/tmp"
fs.mount.tmp.uri = "file:/tmp"
fs.mount.etc.type = "chroot"
fs.mount.etc.path = "/etc"
fs.mount.etc.uri = "file:/etc"
# SGX general options
sgx.enclave_size = "32G"
sgx.thread_num = 300
sgx.preheat_enclave = true
sgx.nonpie_binary = true
# SGX trusted files
sgx.trusted_files.runtime = "file:{{ graphene.runtimedir() }}/"
sgx.trusted_files.arch_libdir = "file:{{ arch_libdir }}/"
sgx.trusted_files.usr_arch_libdir = "file:/usr/{{ arch_libdir }}/"
sgx.trusted_files.model = "file:resnet50v1_5_int8_pretrained_model.pb"
sgx.trusted_files.python = "file:{{ entrypoint }}"
sgx.trusted_files.pyhome = "file:{{ python.stdlib }}"
sgx.trusted_files.pydisthome = "file:{{ python.distlib }}"
sgx.trusted_files.pydistpath = "file:{{ pythondistpath }}"
# SGX allowed files
sgx.allowed_files.tmp = "file:/tmp/"
sgx.allowed_files.etc = "file:/etc/"
sgx.allowed_files.proc = "file:/proc/"
sgx.allowed_files.scripts = "file:models/"
sgx.allowed_files.keras = "file:root/.keras/keras.json"