Mosquitto | Unsupported system call setresgid #44
You probably do run into this warning because But since bare-metal What actually happens, I think, is that your GSC Docker image is not exactly correct. You need to examine the original Docker image and the GSC-built Docker image.
|
Hi @dimakuv
Yes, I double-checked it :)
Have I overlooked something?
I will compare the one in the docker with the bare metal one. Try to figure out some strange differences.
This is the command:
and this is the manifest:
|
I don't see anything special... Can you try running Linux PAL instead of Linux-SGX PAL? There is a switch in GSC to do this: https://gramine.readthedocs.io/projects/gsc/en/latest/#execute-with-linux-pal-instead-of-linux-sgx-pal |
If I use this command
This doesn't change the behaviour of the docker. If I run the command without the
I get this error:
Something else I tried is to run
The next line after
I add the I found this issue in the
Unfortunately, the gsc sign process runs into the following error:
What does this error mean? |
This error is interesting, I have never seen it before. What happens is this:
Apparently, there are some weird file names (or maybe weird environment variable values?) in the unsigned Docker image prepared in step 1. You'll need to find out what exactly is located in the To enter this unsigned Docker image, you should do something like:
|
Hi @dimakuv I have checked the Can I take the |
Hm, maybe I'm mistaken, maybe it's just Then you should check for this error |
This doesn't work, because the |
Yes, please try this. |
I had an older version of
Line 6 contains the |
You should probably analyze the whole Line 6... I guess it has thousands of entries. Sorry, but I don't see any other way. I'm pretty sure some trusted file name is weird in this Line 6. |
Do you know if there is a blacklist or whitelist for characters that are allowed or disallowed? |
We use TOML basic strings for |
Hi @dimakuv This one looks suspicious to me:
What would be the way to escape the backslash or one of the other characters? ---- Edit ---- I did a cross-check and indeed the |
@dzygann Awesome analysis! You rock :) As you correctly mentioned, only entry 2 is a bad case (because it has the unescaped backslash I actually thought that GSC automatically escapes (by adding another backslash to each backslash, resulting in @dzygann Would you be able to modify GSC (that particular I think after this fix everything will work. |
@dimakuv didn't we move to TOML in GSC? Seems like the move is incomplete and we're still handcrafting the strings? |
Unfortunately, I get the following error if I add the second backslash to the filename:
In my case it was sufficient to exclude the Finally, it works like a charm! Thank you very much @dimakuv for your support! |
But here we are adding strings to the TOML array. The strings must already be proper TOML (basic) strings. So it's not like TOML magically does the escaping for us. Hmm, maybe there is a special "escape this string" function in the Python TOML package? We should check, instead of doing our own escaping. |
@dzygann How did you exclude it? By manually changing some code in GSC? Or by tweaking the manifest file somehow? |
I add an if condition to the
---- Edit ---- I just see you have an Line 34 in c4d5c2d
|
Wait, on the API level TOML should be able to serialize arbitrary Python dictionaries with standard types inside, and I think it already does this. But there we do something really weird, we generate TOML data by just appending to a string and then calling Line 111 in c4d5c2d
Lines 195 to 196 in c4d5c2d
|
Yes, we do it in a few places in GSC. I got your point now. You want to collect all TOML stuff in a Python dict and then do |
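The escaping problem discussed in the comments above, as an added example that is not part of the original thread and is not GSC's code: a trusted-file entry pasted into a TOML array by string concatenation breaks on a backslash, while the same entry written as a properly escaped TOML basic string parses. Assumptions: the function names are hypothetical, the sample paths are constructed, and the `sgx.trusted_files` key with `file:` entries follows Gramine's manifest syntax.

```python
import re

try:
    import tomllib  # standard library from Python 3.11; only used to check results
except ImportError:
    tomllib = None

# Short escapes defined for TOML basic strings.
_SHORT = {'\b': r'\b', '\t': r'\t', '\n': r'\n', '\f': r'\f',
          '\r': r'\r', '"': r'\"', '\\': r'\\'}
# A basic string must escape the quote, the backslash and control characters.
_MUST_ESCAPE = re.compile(r'["\\\x00-\x1f\x7f]')

def toml_basic_string(value):
    """Return value as a quoted TOML basic string with all required escapes."""
    def repl(match):
        ch = match.group(0)
        return _SHORT.get(ch, '\\u%04X' % ord(ch))
    return '"' + _MUST_ESCAPE.sub(repl, value) + '"'

def naive_line(paths):
    """Handcrafted concatenation: file names are pasted in without escaping."""
    return 'sgx.trusted_files = [' + ', '.join('"file:%s"' % p for p in paths) + ']'

def escaped_line(paths):
    """The same line with every entry passed through toml_basic_string()."""
    return 'sgx.trusted_files = [' + ', '.join(
        toml_basic_string('file:' + p) for p in paths) + ']'

def parses(doc):
    """True/False for valid/invalid TOML; None when tomllib is unavailable."""
    if tomllib is None:
        return None
    try:
        tomllib.loads(doc)
        return True
    except tomllib.TOMLDecodeError:
        return False

# Constructed sample paths (not taken from the issue): one plain, one with a backslash.
SAMPLE = ['/etc/mosquitto/mosquitto.conf', r'/opt/demo/back\slash.txt']

if __name__ == '__main__':
    print(naive_line(SAMPLE), parses(naive_line(SAMPLE)))
    print(escaped_line(SAMPLE), parses(escaped_line(SAMPLE)))
```

Building the manifest as a Python dict and serializing it with a TOML writer, as suggested in the thread, removes the need for a hand-written escaper.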
Hi,
I got the following error, if I try to run the gsc container:
This is my dockerfile:
What is confusing me about this issue is that it is working fine if I run it in gramine-sgx. I don't run into the missing setresgid warning. What's the difference between them?
The example works if I don't use the -c /etc/mosquitto/mosquitto.conf argument. For some reason, this is causing the issue. mosquitto takes a default configuration, if the argument is missing.
I need the mosquitto.conf, because I want to add TLS to mosquitto and here is the place where to put the paths for the certificates.
Thanks in advance.