From 35fc8110de1b9fab95d4b1b0ac9a1318aebe6953 Mon Sep 17 00:00:00 2001 From: Jaehyun Han Date: Wed, 14 Mar 2018 15:33:12 -0400 Subject: [PATCH] Fix manifests for Bash (#184) * Fix Bash manifests on SGX * Add regression test to Bash --- Jenkinsfiles/Linux | 4 +++ Jenkinsfiles/Linux-Debug | 4 +++ Jenkinsfiles/Linux-SGX | 16 ++++++++--- LibOS/shim/test/apps/bash/.gitignore | 2 ++ LibOS/shim/test/apps/bash/Makefile | 13 ++++++++- .../test/apps/bash/bash.manifest.template | 6 ++++ .../shim/test/apps/bash/cat.manifest.template | 15 ++++++++++ .../shim/test/apps/bash/cp.manifest.template | 28 ++++++++----------- .../test/apps/bash/date.manifest.template | 14 ++++++++++ .../shim/test/apps/bash/ls.manifest.template | 25 +++++++---------- .../shim/test/apps/bash/rm.manifest.template | 19 +++---------- 11 files changed, 95 insertions(+), 51 deletions(-) create mode 100644 LibOS/shim/test/apps/bash/.gitignore create mode 100644 LibOS/shim/test/apps/bash/cat.manifest.template create mode 100644 LibOS/shim/test/apps/bash/date.manifest.template diff --git a/Jenkinsfiles/Linux b/Jenkinsfiles/Linux index 52487507ba..6052ac936f 100644 --- a/Jenkinsfiles/Linux +++ b/Jenkinsfiles/Linux @@ -29,6 +29,10 @@ pipeline { cd LibOS/shim/test/apps/python make regression ''' + sh ''' + cd LibOS/shim/test/apps/bash + make regression + ''' timeout(time: 5, unit: 'MINUTES') { sh ''' cd LibOS/shim/test/apps/gcc diff --git a/Jenkinsfiles/Linux-Debug b/Jenkinsfiles/Linux-Debug index 64257c00ea..5bb5e2e03d 100644 --- a/Jenkinsfiles/Linux-Debug +++ b/Jenkinsfiles/Linux-Debug @@ -29,6 +29,10 @@ pipeline { cd LibOS/shim/test/apps/python make regression ''' + sh ''' + cd LibOS/shim/test/apps/bash + make regression + ''' timeout(time: 5, unit: 'MINUTES') { sh ''' cd LibOS/shim/test/apps/gcc diff --git a/Jenkinsfiles/Linux-SGX b/Jenkinsfiles/Linux-SGX index 2dea97ad6b..ba88802606 100755 --- a/Jenkinsfiles/Linux-SGX +++ b/Jenkinsfiles/Linux-SGX @@ -53,12 +53,20 @@ pipeline { timeout(time: 5, unit: 'MINUTES') { sh ''' cd LibOS/shim/test/apps/python - make SGX=1 - make SGX_RUN=1 + make SGX=1 + make SGX_RUN=1 make SGX_RUN=1 regression ''' - } - timeout(time: 5, unit: 'MINUTES') { + } + timeout(time: 5, unit: 'MINUTES') { + sh ''' + cd LibOS/shim/test/apps/bash + make SGX=1 + make SGX_RUN=1 + make SGX_RUN=1 regression + ''' + } + timeout(time: 5, unit: 'MINUTES') { sh ''' cd LibOS/shim/test/apps/gcc make SGX=1 diff --git a/LibOS/shim/test/apps/bash/.gitignore b/LibOS/shim/test/apps/bash/.gitignore new file mode 100644 index 0000000000..dbbc5a2dbc --- /dev/null +++ b/LibOS/shim/test/apps/bash/.gitignore @@ -0,0 +1,2 @@ +OUTPUT +testdir/x diff --git a/LibOS/shim/test/apps/bash/Makefile b/LibOS/shim/test/apps/bash/Makefile index 5dc9f4c0ef..b91fffc210 100644 --- a/LibOS/shim/test/apps/bash/Makefile +++ b/LibOS/shim/test/apps/bash/Makefile @@ -1,6 +1,6 @@ BASH_DIR = bash-4.1 -manifests = $(addsuffix .manifest,bash ls cp rm) +manifests = $(addsuffix .manifest,bash ls cp rm cat date) exec_target = $(manifests) level = ../../ @@ -16,6 +16,17 @@ $(bash_src)/bash: $(BASH_DIR) bash-local: $(BASH_DIR)/bash cp $< bash-local +regression: + @echo "\n\nBuilding Bash Manifests" + @$(MAKE) >> /dev/null 2>&1 + + @echo "\n\nRun bash_test.sh:" + -./bash.manifest bash_test.sh 2 + -grep -q "hello 2" OUTPUT + @rm OUTPUT + + + distclean: clean-manifests rm -rf $(bash_src) rm -rf bash result $(test_targets) diff --git a/LibOS/shim/test/apps/bash/bash.manifest.template b/LibOS/shim/test/apps/bash/bash.manifest.template index 1778b9ec7e..eca7706c70 100644 --- a/LibOS/shim/test/apps/bash/bash.manifest.template +++ b/LibOS/shim/test/apps/bash/bash.manifest.template @@ -36,10 +36,16 @@ sgx.trusted_files.libtinfo = file:/lib/x86_64-linux-gnu/libtinfo.so.5 sgx.trusted_files.ls = file:/bin/ls sgx.trusted_files.cp = file:/bin/cp sgx.trusted_files.rm = file:/bin/rm +sgx.trusted_files.date = file:/bin/date +sgx.trusted_files.cat = file:/bin/cat sgx.trusted_children.ls = file:ls.sig sgx.trusted_children.cp = file:cp.sig sgx.trusted_children.rm = file:rm.sig +sgx.trusted_children.cat = file:cat.sig +sgx.trusted_children.date = file:date.sig sgx.allowed_files.test1 = file:bash_test.sh sgx.allowed_files.test2 = file:OUTPUT +sgx.allowed_files.test3 = file:somefile +sgx.allowed_files.testdir = file:testdir diff --git a/LibOS/shim/test/apps/bash/cat.manifest.template b/LibOS/shim/test/apps/bash/cat.manifest.template new file mode 100644 index 0000000000..719402e161 --- /dev/null +++ b/LibOS/shim/test/apps/bash/cat.manifest.template @@ -0,0 +1,15 @@ +loader.preload = file:$(SHIMPATH) +loader.exec = file:/bin/cat +loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu +loader.debug_type = none + +fs.mount.lib.type = chroot +fs.mount.lib.path = /lib +fs.mount.lib.uri = file:$(LIBCDIR) + +# sgx-related +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 + +sgx.allowed_files.test3 = file:somefile +sgx.allowed_files.testdir = file:testdir diff --git a/LibOS/shim/test/apps/bash/cp.manifest.template b/LibOS/shim/test/apps/bash/cp.manifest.template index 3a2e21ed74..066e3352d4 100644 --- a/LibOS/shim/test/apps/bash/cp.manifest.template +++ b/LibOS/shim/test/apps/bash/cp.manifest.template @@ -1,5 +1,5 @@ loader.preload = file:$(SHIMPATH) -loader.exec = file:/bin/ls +loader.exec = file:/bin/cp loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu loader.debug_type = none @@ -11,19 +11,15 @@ fs.mount.hostlib.type = chroot fs.mount.hostlib.path = /lib/x86_64-linux-gnu fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu -fs.mount.bin.type = chroot -fs.mount.bin.path = /bin -fs.mount.bin.uri = file:/bin - -# allow to bind on port 8000 -net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535 -# allow to connect to port 8000 -net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000 - # sgx-related -sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2 -sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6 -sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1 -sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1 -sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3 -sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1 +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 +sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 +sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 +sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1 +sgx.trusted_files.libacl = file:/lib/x86_64-linux-gnu/libacl.so.1 +sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3 +sgx.trusted_files.libattr = file:/lib/x86_64-linux-gnu/libattr.so.1 + +sgx.allowed_files.test3 = file:somefile +sgx.allowed_files.testdir = file:testdir diff --git a/LibOS/shim/test/apps/bash/date.manifest.template b/LibOS/shim/test/apps/bash/date.manifest.template new file mode 100644 index 0000000000..6f0420b1eb --- /dev/null +++ b/LibOS/shim/test/apps/bash/date.manifest.template @@ -0,0 +1,14 @@ +loader.preload = file:$(SHIMPATH) +loader.exec = file:/bin/date +loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu +loader.debug_type = none + +fs.mount.lib.type = chroot +fs.mount.lib.path = /lib +fs.mount.lib.uri = file:$(LIBCDIR) + +# sgx-related +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 + +sgx.allowed_files.test2 = file:OUTPUT diff --git a/LibOS/shim/test/apps/bash/ls.manifest.template b/LibOS/shim/test/apps/bash/ls.manifest.template index 3a2e21ed74..c649e75feb 100644 --- a/LibOS/shim/test/apps/bash/ls.manifest.template +++ b/LibOS/shim/test/apps/bash/ls.manifest.template @@ -11,19 +11,14 @@ fs.mount.hostlib.type = chroot fs.mount.hostlib.path = /lib/x86_64-linux-gnu fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu -fs.mount.bin.type = chroot -fs.mount.bin.path = /bin -fs.mount.bin.uri = file:/bin - -# allow to bind on port 8000 -net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535 -# allow to connect to port 8000 -net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000 - # sgx-related -sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2 -sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6 -sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1 -sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1 -sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3 -sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1 +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 +sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 +sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 +sgx.trusted_files.libselinux = file:/lib/x86_64-linux-gnu/libselinux.so.1 +sgx.trusted_files.libacl = file:/lib/x86_64-linux-gnu/libacl.so.1 +sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3 +sgx.trusted_files.libattr = file:/lib/x86_64-linux-gnu/libattr.so.1 + +sgx.allowed_files.test2 = file:OUTPUT diff --git a/LibOS/shim/test/apps/bash/rm.manifest.template b/LibOS/shim/test/apps/bash/rm.manifest.template index de813432dc..5263101689 100644 --- a/LibOS/shim/test/apps/bash/rm.manifest.template +++ b/LibOS/shim/test/apps/bash/rm.manifest.template @@ -7,19 +7,8 @@ fs.mount.lib.type = chroot fs.mount.lib.path = /lib fs.mount.lib.uri = file:$(LIBCDIR) -fs.mount.hostlib.type = chroot -fs.mount.hostlib.path = /lib/x86_64-linux-gnu -fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu - -fs.mount.bin.type = chroot -fs.mount.bin.path = /bin -fs.mount.bin.uri = file:/bin - -# allow to bind on port 8000 -net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535 -# allow to connect to port 8000 -net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000 - # sgx-related -sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2 -sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6 +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 + +sgx.allowed_files.testdir = file:testdir