diff --git a/Documentation/index.rst b/Documentation/index.rst index dcd20d3e..77b16a59 100644 --- a/Documentation/index.rst +++ b/Documentation/index.rst 
@@ -396,26 +396,28 @@ executable arguments may be supplied to the :command:`docker run` command. :command:`gsc build`. -Execute with Linux PAL (:program:`gramine-direct`) --------------------------------------------------- +Execute with :program:`gramine-direct` +-------------------------------------- -You may select the Linux PAL (:program:`gramine-direct`) at Docker run time -instead of the Linux-SGX PAL (:program:`gramine-sgx`) by specifying the -environment variable :envvar:`GSC_PAL` as an option to the -:command:`docker run` command. When using the Linux PAL, it is not necessary -to sign the image via a :command:`gsc sign-image` command. +By default, the Docker container starts :program:`gramine-sgx`. -.. envvar:: GSC_PAL +You may choose to start :program:`gramine-direct` in the Docker container by +specifying the environment variable :envvar:`GRAMINE_BINARY` as a command-line +option to :command:`docker run`. - This environment variable specifies the pal loader. +.. envvar:: GRAMINE_BINARY -GSC requires a custom seccomp profile while running with Linux PAL, which has to be -specified at Docker run time. There are two options: + This environment variable specifies the Gramine binary to run. Currently + supported values are ``gramine-direct`` and ``gramine-sgx``. Default is + ``gramine-sgx``. + +GSC requires a custom seccomp profile for :program:`gramine-direct`. There are +two options: #. Pass `unconfined` to run the container without the default seccomp profile. This option is generally considered insecure, since this results in containers running with unrestricted system calls (all system calls are allowed which - increases the attack surface of the Linux Kernel). + increases the attack surface of the Linux kernel). #. Pass the custom seccomp profile https://github.com/gramineproject/gramine/blob/master/scripts/docker_seccomp.json. 
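Review bot: the rewritten section drops a statement the old text made and the new text does not restate: that when running with `gramine-direct` the image does not need to be signed via `gsc sign-image`. Readers following the new section will not know whether signing is still required for the non-SGX path, so either keep that sentence under the new heading or say explicitly that `gsc sign-image` is only needed for `gramine-sgx`. The `.. envvar:: GRAMINE_BINARY` description lists `gramine-direct` and `gramine-sgx` as the only supported values; it would help to say what happens with any other value, since the variable is passed straight from `docker run --env` into the container.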
@@ -426,7 +428,13 @@ specified at Docker run time. There are two options: .. code-block:: sh - docker run ... --env GSC_PAL=Linux --security-opt seccomp= gsc- ... + docker run ... --env GRAMINE_BINARY=gramine-direct \ + --security-opt seccomp= \ + gsc- ... + +.. note:: + Previously, to run :program:`gramine-direct`, one specified ``--env + GSC_PAL=Linux``. This is deprecated in GSC v1.8 and will be removed in v1.9. Example ======= diff --git a/templates/apploader.common.template b/templates/apploader.common.template index 52f4bbec..9d35dc44 100644 --- a/templates/apploader.common.template +++ b/templates/apploader.common.template @@ -8,13 +8,7 @@ set -e # Export distro-specific paths (typically `PYTHONPATH` and `PKG_CONFIG_PATH`) {% block path %}{% endblock %} -# Default to Linux-SGX if no PAL was specified -if [ -z "$GSC_PAL" ] || [ "$GSC_PAL" == "Linux-SGX" ] -then - exec gramine-sgx /gramine/app_files/entrypoint \ - {% if insecure_args %}{{ binary_arguments | map('shlex_quote') | join(' ') }} \ - "${@}"{% endif %} -else - exec gramine-direct /gramine/app_files/entrypoint \ - {{ binary_arguments | map('shlex_quote') | join(' ') }} "${@}" -fi +# Note: default to SGX if Gramine binary wasn't specified +exec ${GRAMINE_BINARY:-gramine-sgx} /gramine/app_files/entrypoint \ + {% if insecure_args %}{{ binary_arguments | map('shlex_quote') | join(' ') }} \ + "${@}"{% endif %}
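Review bot: the `.. note::` in this hunk says `--env GSC_PAL=Linux` is deprecated in GSC v1.8 and will be removed in v1.9, but nothing in the note tells the reader what that deprecated option now does, so the documentation should state whether `GSC_PAL=Linux` still selects `gramine-direct` in v1.8 or is already ignored. The example command keeps `--security-opt seccomp=` with the value elided; since the two options listed just above are `unconfined` and the `docker_seccomp.json` profile, showing one of them (for example `--security-opt seccomp=unconfined`, with a pointer to the JSON profile as the recommended alternative) would make the snippet copy-pasteable and avoid readers leaving the value empty.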
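Review bot: this hunk removes the `GSC_PAL` handling outright, which contradicts the docs hunk in the same patch that presents `GSC_PAL=Linux` as merely deprecated until v1.9; as written, a user still passing `--env GSC_PAL=Linux` silently gets `exec gramine-sgx`, which is the opposite of what they asked for and is hard to notice because the container still starts. Consider keeping a compatibility fallback for the deprecation window, for example deriving `GRAMINE_BINARY` from `GSC_PAL` when only the old variable is set and printing a deprecation warning to stderr, rather than dropping it before v1.9. Separately, `exec ${GRAMINE_BINARY:-gramine-sgx} ...` executes whatever string arrives via `--env` unvalidated and unquoted; since the docs state only `gramine-direct` and `gramine-sgx` are supported, a `case "$GRAMINE_BINARY" in gramine-direct|gramine-sgx) ;; *) echo "unsupported GRAMINE_BINARY" >&2; exit 1;; esac` before the `exec` would enforce that contract and fail loudly. Finally, the old `gramine-direct` branch always appended `{{ binary_arguments | map('shlex_quote') | join(' ') }} "${@}"`, whereas the unified line only does so `{% if insecure_args %}`, so a `gramine-direct` image built without insecure args no longer receives those arguments on the command line; if that behavioural change is intended it should be mentioned in the documentation hunk.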