fixup! [LibOS] Add loader.uid and loader.gid manifest options

gramineproject · Sep 16, 2021 · fa04ace · fa04ace
1 parent decfc2f
commit fa04ace
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/Documentation/manifest-syntax.rst b/Documentation/manifest-syntax.rst
@@ -186,7 +186,8 @@ User ID and Group ID
    (Default: 0)
 
 This specifies the initial, Gramine emulated user/group ID and effective user/group ID.
-It must be non-negative. By default it runs as root user (uid = gid = 0).
+It must be non-negative. By default Gramine emulates the user/group ID and effective user/group ID
+to the root user (uid = gid = 0).
 
 
 Disabling ASLR

diff --git a/LibOS/shim/src/bookkeep/shim_thread.c b/LibOS/shim/src/bookkeep/shim_thread.c
@@ -166,14 +166,14 @@ static int init_main_thread(void) {
         return -EINVAL;
     }
 
-    if (uid_int64 < 0 || uid_int64 > IDTYPE_MAX ) {
-        log_error("`loader.uid` = %li is either < 0 or > %u", uid_int64, IDTYPE_MAX);
+    if (uid_int64 < 0 || uid_int64 > IDTYPE_MAX) {
+        log_error("'loader.uid' = %ld is negative or greater than %u", uid_int64, IDTYPE_MAX);
         put_thread(cur_thread);
         return -EINVAL;
     }
 
     if (gid_int64 < 0 || gid_int64 > IDTYPE_MAX) {
-        log_error("`loader.gid` = %li is either < 0 or > %u", gid_int64, IDTYPE_MAX);
+        log_error("'loader.gid' = %ld is negative or greater than %u", gid_int64, IDTYPE_MAX);
         put_thread(cur_thread);
         return -EINVAL;
     }

diff --git a/LibOS/shim/test/regression/uid_gid.manifest.template b/LibOS/shim/test/regression/uid_gid.manifest.template
@@ -1,7 +1,7 @@
 loader.preload = "file:{{ graphene.libos }}"
-libos.entrypoint = "{{ entrypoint }}"
+libos.entrypoint = "uid_gid"
 loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
-loader.argv0_override = "bootstrap"
+loader.argv0_override = "uid_gid"
 
 loader.uid = 1338
 loader.gid = 1337
@@ -10,3 +10,7 @@ fs.mount.lib.type = "chroot"
 fs.mount.lib.path = "/lib"
 fs.mount.lib.uri = "file:{{ graphene.runtimedir() }}"
 
+sgx.trusted_files = [
+  "file:{{ graphene.runtimedir() }}/",
+  "file:uid_gid"
+]