Browse Source

Fix manifests for Bash (#184)

* Fix Bash manifests on SGX

* Add regression test to Bash
Jaehyun Han 4 years ago
parent
commit
35fc8110de

+ 4 - 0
Jenkinsfiles/Linux

@@ -29,6 +29,10 @@ pipeline {
                             cd LibOS/shim/test/apps/python
                             make regression
                             '''
+                        sh '''
+                            cd LibOS/shim/test/apps/bash
+                            make regression
+                            '''
 			timeout(time: 5, unit: 'MINUTES') {		    
                             sh '''
                                 cd LibOS/shim/test/apps/gcc

+ 4 - 0
Jenkinsfiles/Linux-Debug

@@ -29,6 +29,10 @@ pipeline {
                             cd LibOS/shim/test/apps/python
                             make regression
                             '''
+                        sh '''
+                            cd LibOS/shim/test/apps/bash
+                            make regression
+                            '''
 			timeout(time: 5, unit: 'MINUTES') {		    
                             sh '''
                                 cd LibOS/shim/test/apps/gcc

+ 12 - 4
Jenkinsfiles/Linux-SGX

@@ -53,12 +53,20 @@ pipeline {
 			timeout(time: 5, unit: 'MINUTES') {		    						
                             sh '''
                                 cd LibOS/shim/test/apps/python
-			        make SGX=1
-			        make SGX_RUN=1			    
+			                          make SGX=1
+			                          make SGX_RUN=1			    
                                 make SGX_RUN=1 regression
                             '''
-			}
-			timeout(time: 5, unit: 'MINUTES') {		    
+      }
+      timeout(time: 5, unit: 'MINUTES') {
+                            sh '''
+                                cd LibOS/shim/test/apps/bash
+                                make SGX=1
+                                make SGX_RUN=1
+                                make SGX_RUN=1 regression
+                           '''
+      }
+			timeout(time: 5, unit: 'MINUTES') {
                             sh '''
                                 cd LibOS/shim/test/apps/gcc
 			    	make SGX=1

+ 2 - 0
LibOS/shim/test/apps/bash/.gitignore

@@ -0,0 +1,2 @@
+OUTPUT
+testdir/x

+ 12 - 1
LibOS/shim/test/apps/bash/Makefile

@@ -1,6 +1,6 @@
 BASH_DIR = bash-4.1
 
-manifests = $(addsuffix .manifest,bash ls cp rm)
+manifests = $(addsuffix .manifest,bash ls cp rm cat date)
 exec_target = $(manifests)
 
 level = ../../
@@ -16,6 +16,17 @@ $(bash_src)/bash: $(BASH_DIR)
 bash-local: $(BASH_DIR)/bash
 	cp $< bash-local
 
+regression:
+	@echo "\n\nBuilding Bash Manifests"
+	@$(MAKE) >> /dev/null 2>&1
+
+	@echo "\n\nRun bash_test.sh:"
+	-./bash.manifest bash_test.sh 2
+	-grep -q "hello 2" OUTPUT
+	@rm OUTPUT
+
+
+
 distclean: clean-manifests
 	rm -rf $(bash_src)
 	rm -rf bash result $(test_targets)

+ 6 - 0
LibOS/shim/test/apps/bash/bash.manifest.template

@@ -36,10 +36,16 @@ sgx.trusted_files.libtinfo = file:/lib/x86_64-linux-gnu/libtinfo.so.5
 sgx.trusted_files.ls = file:/bin/ls
 sgx.trusted_files.cp = file:/bin/cp
 sgx.trusted_files.rm = file:/bin/rm
+sgx.trusted_files.date = file:/bin/date
+sgx.trusted_files.cat = file:/bin/cat
 
 sgx.trusted_children.ls = file:ls.sig
 sgx.trusted_children.cp = file:cp.sig
 sgx.trusted_children.rm = file:rm.sig
+sgx.trusted_children.cat = file:cat.sig
+sgx.trusted_children.date = file:date.sig
 
 sgx.allowed_files.test1 = file:bash_test.sh
 sgx.allowed_files.test2 = file:OUTPUT
+sgx.allowed_files.test3 = file:somefile
+sgx.allowed_files.testdir = file:testdir

+ 15 - 0
LibOS/shim/test/apps/bash/cat.manifest.template

@@ -0,0 +1,15 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/cat
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+# sgx-related
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+
+sgx.allowed_files.test3 = file:somefile
+sgx.allowed_files.testdir = file:testdir

+ 12 - 16
LibOS/shim/test/apps/bash/cp.manifest.template

@@ -1,5 +1,5 @@
 loader.preload = file:$(SHIMPATH)
-loader.exec = file:/bin/ls
+loader.exec = file:/bin/cp
 loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
 loader.debug_type = none
 
@@ -11,19 +11,15 @@ fs.mount.hostlib.type = chroot
 fs.mount.hostlib.path = /lib/x86_64-linux-gnu
 fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.bin.type = chroot
-fs.mount.bin.path = /bin
-fs.mount.bin.uri = file:/bin
-
-# allow to bind on port 8000
-net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
-# allow to connect to port 8000
-net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
-
 # sgx-related
-sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
-sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
-sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1
-sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1
-sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3
-sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libacl = file:/lib/x86_64-linux-gnu/libacl.so.1
+sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libattr = file:/lib/x86_64-linux-gnu/libattr.so.1
+
+sgx.allowed_files.test3 = file:somefile
+sgx.allowed_files.testdir = file:testdir

+ 14 - 0
LibOS/shim/test/apps/bash/date.manifest.template

@@ -0,0 +1,14 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/date
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+# sgx-related
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+
+sgx.allowed_files.test2 = file:OUTPUT

+ 10 - 15
LibOS/shim/test/apps/bash/ls.manifest.template

@@ -11,19 +11,14 @@ fs.mount.hostlib.type = chroot
 fs.mount.hostlib.path = /lib/x86_64-linux-gnu
 fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.bin.type = chroot
-fs.mount.bin.path = /bin
-fs.mount.bin.uri = file:/bin
-
-# allow to bind on port 8000
-net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
-# allow to connect to port 8000
-net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
-
 # sgx-related
-sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
-sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
-sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1
-sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1
-sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3
-sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libacl = file:/lib/x86_64-linux-gnu/libacl.so.1
+sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libattr = file:/lib/x86_64-linux-gnu/libattr.so.1
+
+sgx.allowed_files.test2 = file:OUTPUT

+ 4 - 15
LibOS/shim/test/apps/bash/rm.manifest.template

@@ -7,19 +7,8 @@ fs.mount.lib.type = chroot
 fs.mount.lib.path = /lib
 fs.mount.lib.uri = file:$(LIBCDIR)
 
-fs.mount.hostlib.type = chroot
-fs.mount.hostlib.path = /lib/x86_64-linux-gnu
-fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.bin.type = chroot
-fs.mount.bin.path = /bin
-fs.mount.bin.uri = file:/bin
-
-# allow to bind on port 8000
-net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
-# allow to connect to port 8000
-net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
-
 # sgx-related
-sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
-sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+
+sgx.allowed_files.testdir = file:testdir