mystikos
mystikos copied to clipboard
deislabs
Tools and runtime for launching unmodified container images in Trusted Execution Environments
In the [document](https://github.com/deislabs/mystikos/blob/main/doc/sign-package.md) it says: > HostEnvironmentVariables | A list of environment variables that can be imported from the insecure host Without an explicit entry in config.json that's measured, we...
If a program aborts or segfaults when run with mystikos, we don't get a chance to clean /tmp files.
According to Linux man page: > POSIX.1-2001 says: "The only portable use of mknod() is to create a FIFO-special file. If mode is not S_IFIFO or dev is not 0,...
currently pseudo fork is hooked within the crt. It would be good to move into the kernel if possible. There are a couple of complexities with this though * needs...
Bug in azure-sdk-for-cpp which prevents usage of the sdk to run keyvault api in alpine OS. Works fine in ubuntu as a potential workaround. More details tracked here: https://github.com/Azure/azure-sdk-for-cpp/issues/2460
We need documentation changes for #365
Recently PR #355 was merged to support glibc static mutex initializers (in the case where the program was compiled with glibc headers). An review of the pthread-related initializers reveals that...
Currently only solicitation of inotify events is supported but no such events are ever generated.
It would be helpful to have a test to verify that the verity module (Merkle tree checks on block devices) correctly rejects tampering attacks. The verity module: - load the...