fixup! [LibOS] Add loader.uid and loader.gid manifest options

This implementation allows Gramine to run an executable with another user than root. By default, Gramine uses the root user (uid = gid = 0), which may cause some apps to refuse to run. We also set effective UID/GID to the same value as UID/GID respectively. This can be defined as manifest option `loader.uid`/`loader.gid` in the manifest file. Signed-off-by: Denis Zygann <[email protected]>
gramineproject · Sep 18, 2021 · 14067ab · 14067ab
1 parent fa04ace
commit 14067ab
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
@@ -185,9 +185,9 @@ User ID and Group ID
    loader.gid = [NUM]
    (Default: 0)
 
-This specifies the initial, Gramine emulated user/group ID and effective user/group ID.
-It must be non-negative. By default Gramine emulates the user/group ID and effective user/group ID
-to the root user (uid = gid = 0).
+This specifies the initial, Gramine emulated user/group ID and effective
+user/group ID. It must be non-negative. By default Gramine emulates the
+user/group ID and effective user/group ID to the root user (uid = gid = 0).
 
 
 Disabling ASLR

diff --git a/LibOS/shim/test/regression/uid_gid.manifest.template b/LibOS/shim/test/regression/uid_gid.manifest.template
@@ -13,4 +13,4 @@ fs.mount.lib.uri = "file:{{ graphene.runtimedir() }}"
 sgx.trusted_files = [
   "file:{{ graphene.runtimedir() }}/",
   "file:uid_gid"
-]
+]