-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for symlinks for regular files #1701
base: master
Are you sure you want to change the base?
Add support for symlinks for regular files #1701
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 0 of 30 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (3 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @BobbyAtFortanix)
a discussion (no related file):
Quick cosmetic comments:
- Some files don't have your copyright (cases where you modified a lot) or have wrong-person copyright (the new LibOS test)
- There are no changes in our Documentation; surely we have some info in docs that conflicts with your symlinks implementation
- You didn't enable symlink-related LTP tests
- I think we have symlink-related LibOS regression and FS tests, but those parts are commented out (or something like this) -- they need to be re-enabled now
a discussion (no related file):
This symlink support is completely pass-through (except tmpfs files which are by design in-memory-only).
What is the threat model here? Can you provide a security analysis? Why did you choose this pass-through design?
How is this situation solved: #1176 ?
In this meta-issue, Pawel (ex-Gramine maintainer who wrote the whole FS subsystem) suggested the following:
Symlinks (will fix gramineproject/graphene#516): as in-memory files emulated by Graphene
Pawel's design suggestion contradicts yours: in-memory-only symlinks vs passthrough-symlinks. Why did you choose your design?
Fixed in the new commit
Some additional information added. I hope it is helpful.
Enabled symlink-related tests in
I could not figure out how to enable those nor how to run them.
Our use-case scenario always uses an application inside a docker container. The files accessed by the application are hashed during container signing and if the hash does not match at run-time, we bug check.
The manifest solution can be used only for read-only symlinks that are known before the application is signed/ran. The proposed solution affects the cases where the application itself is creating symlinks during runtime.
Because some apps want to create symlinks at run time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could not figure out how to enable those nor how to run them.
Check item 6 here: https://gramine.readthedocs.io/en/stable/devel/onboarding.html#fixing-a-bug
Reviewable status: 0 of 64 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @BobbyAtFortanix)
a discussion (no related file):
Thanks for this initial analysis!
I guess my main question lies here:
Because some apps want to create symlinks at run time.
What exactly do these apps want from symlinks? Can't these symlinks be created ephemerally, completely inside the enclave? If not, then why is it important to have these symlinks persistent across SGX enclaves (or separate runs of the same SGX enclave)?
For read-only chroot mounts, the filesystem hash includes the hashes of the symlinks, so symlinks are protected against modification or removal.
Hm, are you sure that's how our manifest-generating Python scripts work? IIRC, our Python scripts simply resolve symlinks, so the hashes are NOT the symlink contents (string with a destination path) but the symlinked-to file contents.
ab06f66
to
a441f6a
Compare
- added support for system calls: link, linkat, symlink & symlinkat - added set_link() operation to libos_d_ops - implemented set_link() for chroot/encrypted & tmpfs filesystems - implemented follow_link() for chroot/encrypted & tmpfs - added symlink support to the chroot/encrypted filesystem - added hardlink and symlink support to tmp filesystem - added regression unit tests for link and symlinks - updated the copyright in the modified source files - added symlink information to the documentation Signed-off-by: Bobby Marinov <[email protected]>
a441f6a
to
7a5c5e8
Compare
I think I addressed all of the concerns from the previous review(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @BobbyAtFortanix, since the PR is very big, the Gramine team will need to put a priority on it, discuss the design and then do a deep-dive into the implementation. Would you be able to join our Gramine weekly meetings at some point, so we can discuss how and when we can proceed with this PR?
Reviewable status: 0 of 64 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @BobbyAtFortanix)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll join the Gramine's 2024/02/27 (tomorrow) 7am PST meeting.
Reviewable status: 0 of 64 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope this will help during the code review.
Pal
- added a flag to
PalStreamOpen()
specifying if the handle created is only going to be used for deleting the file. In that case there is no need to go and open the file (ocall
) before deleting it via handle-less path basedocall
. It also allows us to delete link files that fail open withELOOP
error.
LibOS
libos/test
- added the basic symbolic & hard link tests for
chroot
(disabled),chroot/encrypted
andtmpfs
libos/src/sys/libos_file.c
- this is where the symlink/hardlink are created for all file systems
libos/src/fs
- changes related to symlink & hardlink for
tmpfs
andchroot/encrypted
Other notes
- Running non-file related LTP tests with
tmpfs
instead ofchroot
is failing with error. e.g.setrlimit05
test. this can be verified by modifying the LTP manifest file and running the test.
Reviewable status: 0 of 64 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 0 of 64 files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (2 more required, approved so far: ) (waiting on @dimakuv)
a discussion (no related file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
Thanks for this initial analysis!
I guess my main question lies here:
Because some apps want to create symlinks at run time.
What exactly do these apps want from symlinks? Can't these symlinks be created ephemerally, completely inside the enclave? If not, then why is it important to have these symlinks persistent across SGX enclaves (or separate runs of the same SGX enclave)?
For read-only chroot mounts, the filesystem hash includes the hashes of the symlinks, so symlinks are protected against modification or removal.
Hm, are you sure that's how our manifest-generating Python scripts work? IIRC, our Python scripts simply resolve symlinks, so the hashes are NOT the symlink contents (string with a destination path) but the symlinked-to file contents.
we don't know how the applications use symlinks. We have a batch file that runs the client application and collects all syscalls and pseudo-file opens and then creates a summary report. For security reasons the client send us that summary report.
In our Graphene(before it was renamed to Gramine) fork we have modified chroot to have read-only mounts. For those we generate a complete hash for everything under that mount so we can catch any attempt of modifying it without our knowledge. When a directory is enumerated we make sure that no files/dirs are added nor removed.
We also maintain a symlink directory entry instead of opening the symlink target.
AI and bank confidential applications use symlinks for regular files.
new changes can be tested by running the following:
Signed-off-by: Bobby Marinov [email protected]
This change is