7. May 2024

[dimakuv]

Agenda

(please write your proposed agenda items in comments under this discussion)

• Release items for v1.8 (our roadmap)
• Dmitrii: Examples repo tags: Add a note on release-for-release matching with core Gramine examples#101
• Dmitrii: support for Ubuntu 20.04: Ubuntu jammy and noble (22.04 LTS and 24.04 LTS) #1843
• Dmitrii: X-Containers paper, Section 4.4: https://www.csl.cornell.edu/~delimitrou/papers/2019.asplos.xcontainer.pdf
  • how to binary-patch the syscall instruction and practical results
• Dmitrii: sys.disallowed_syscalls = [ ... ] feature ([LibOS] Add sys.debug__mock_syscalls = [ ... ] manifest option #1859), do we want this
• Dmitrii: random notes on gVisor
  • in particular, the systrap platform: https://gvisor.dev/blog/2023/04/28/systrap-release/

Examples repo tags: gramineproject/examples#101

Woju: new users will use this Examples repo, and explaining to them about git-checkout will be counter-productive. As for removing the libos.entrypoint line from manifest files: technically this is not yet "done" in core Gramine, because it will be fully "done" when Gramine is released.

Benny: can we maybe package the Examples? Michal and Woju: no, this is not how people use examples.

Woju: the Examples repo should lag behind the releases of core Gramine.

Michal, Dmitrii, Kailun: nobody has a strong opinion, so keep the current state (policy) as is and don't merge #101.

Support for Ubuntu 20.04: #1843

Michal: Canonical (devs of Ubuntu) have a rule of 5-year support; Gramine has a rule of 2-last-releases support.

Scott: other SGX teams need to ask customers if Ubuntu 20.04 can be nixed. Dmitrii: if other SGX teams drop support, Gramine can definitely drop it too.

Woju's proposal: in our GitHub open source CI, we remove 20.04 tests, but Intel internal CI can continue with 20.04 tests. If Gramine breaks and validation team reports it, we'll fix this.

Mona: we can write an announcement on Gitter about dropping support for Ubuntu 20.04, see what happens.

• DONE: Woju published such an announcement in the Gitter Community chat.

Michal: we plan to drop 20.04 support for sure, the only question is when.

UPDATE 8. May 2024: in another Gramine meeting, several ideas were suggested:

• Intel internal CI will continue with 20.04 tests, so they can be removed at some point from public CI.
• v1.8 release notes must contain a warning that 20.04 support will be removed in next release, and then v1.9 removes support.

Release items for v1.8 (our roadmap)

[ We discussed only one item: EDMM lazy allocation PR ]

[ Dmitrii explained the current status, the two bugs, and the reaction of the SGX maintainer on the Linux mailing list: https://lkml.org/lkml/2024/4/29/447 ]

Mona: even when the fix lands in the Linux kernel, this could take a lot of time to trickle down to end users. Michal: if this is considered severe enough, then distro maintainers can backport this fix, so it will be quicker.

*Mona: we should pursue two approaches: (1) force these fixes into the Linux kernel and the OS distros, and (2) work around these bugs in Gramine for the time being.
Woju: How others circumvent unstable kernels: Gentoo had special flags (with goofy names) for unstable Linux/app features.

Dmitrii: we can hide this lazy allocation feature under a flag (disabled by default), with proper explanations.

Michal/Woju: we should wait what Jarkko Sakkinen and other maintainers say; we have a lot of time until v1.8.