mystikos
Tools and runtime for launching unmodified container images in Trusted Execution Environments
https://github.com/deislabs/mystikos/pull/1352 Unit tests: - [ ] sockperf - [ ] clock - [ ] pollpipe2 - [ ] dotnet-lib-5 - [ ] dotnet-lib-6 - [ ] dotnet-proc-maps - [ ]...
The previous CodeQL fix broke the mount-docker-image tool, because ``docker_image`` is not necessarily a file path. It can also be an image name.
1. The target directory inside the enclave has to be explicitly created within appdir 2. The target directory cannot be on tmpfs or ramfs such as `/var/run`
Signed-off-by: Ubuntu
This target runs a subset of checks (tests) to verify that Mystikos is basically running. It is a good check to run before submitting a PR.
When using the mystikos base image to build a container, one library that needs to be installed is cryptsetup-bin: `RUN apt-get update && apt-get install -y cryptsetup-bin` The ask is...
The current Unix Domain Socket (UDS), a.k.a. AF_LOCAL, allows communication inside the enclave only. [Kubernetes allows](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) a UDS created by a daemon to be mapped into a pod and communicate...
This commit is based on https://github.com/deislabs/mystikos/pull/1285 The first commit in this PR comes from above PR. This PR adds support for syscall memfd_create. man page: https://man7.org/linux/man-pages/man2/memfd_create.2.html
Signed-off-by: Paul Allen
Signed-off-by: Paul Allen