gsc icon indicating copy to clipboard operation
gsc copied to clipboard
verified publisher icon gramineproject

Error opening executable -13

Open dzygann opened this issue 4 years ago • 5 comments

Hi

I got the following error, if I try to run the gsc container:

-----------------------------------------------------------------------------------------------------------------------
Gramine detected the following insecure configurations:

  - loader.insecure__use_cmdline_argv = true   (forwarding command-line args from untrusted host to the app)

Gramine will continue application execution, but this configuration must not be used in production!
-----------------------------------------------------------------------------------------------------------------------

[P1:T1:] error: Error opening executable /hashgraph: -13
[P1:T1:] error: Error during shim_init() in init_important_handles (-13)

This is my dockerfile:

From ubuntu:20.04

RUN apt-get update \
    && apt-get install -y libssl-dev \
        openssl


COPY ./hashgraph /hashgraph

WORKDIR /hashgraph

ENTRYPOINT ["./hashgraph"]

The user permission of the executable:

-rwxrwxr-x  1 developer developer 8364240 Nov 25 17:19 hashgraph*

What I'm doing wrong?

dzygann avatar Nov 30 '21 10:11 dzygann

What is this hashgraph app? GSC actually expects applications to be installed inside the Docker image, not just copy-pasted.

In particular, in GSC this line fails: https://github.com/gramineproject/gsc/blob/21b30f28e96d8ff83e1d7365ff84fea368d35bd3/templates/Dockerfile.ubuntu.build.template#L55

As you can imagine, performing a which hashgraph command returns "nothing". I don't think this is a bug in GSC -- Docker images typically don't have ./<app> (non-installed executables) entrypoints.

In other words, please find a way to install this hashgraph application. In the worst case, if it is a stand-alone simple program, you can just do something like this:

RUN cp ./hashgraph /usr/local/bin

This is like a tiny install script in Ubuntu.

dimakuv avatar Nov 30 '21 12:11 dimakuv

Hi @dimakuv

Hashgraph is considered a strong and more efficient alternative to current block-chain technology. Here's a link to the repository: Hashgraph

I tried to copy the hashgraph executable, but the application still fails.

Error Message:

[P1:T1:] error: Error opening executable /hashgraph: -13
[P1:T1:] error: Error during shim_init() in init_important_handles (-13)

Updated Dockerfile:

From ubuntu:20.04

RUN apt-get update -y && apt-get install -y \
        openssl

RUN mkdir hashgraph

COPY hashgraph /hashgraph

WORKDIR /hashgraph

RUN cp hashgraph /usr/local/bin/

ENTRYPOINT ["hashgraph"]

CMD ["node0/settings.yaml"]

Check gsc-container, if the which command points to the right location

developer@OptiPlex-3070:~/workspaces/enclaive/gsc$   docker run -it --entrypoint /bin/bash gsc-ubuntu20.04-hashgraph 
root@115f93002e6e:/hashgraph# ll
total 10528
drwxr-xr-x 1 root root    4096 Dec  1 22:47 ./
drwxr-xr-x 1 root root    4096 Dec  1 22:53 ../
-rwxrwxr-x 1 root root 8364240 Nov 25 16:19 hashgraph*
// + other files
root@115f93002e6e:/hashgraph# cd /usr/local/bin/
root@115f93002e6e:/usr/local/bin# ll | grep hash
-rwxr-xr-x 1 root root 8364240 Dec  1 22:47 hashgraph*
root@115f93002e6e:/usr/local/bin# which hashgraph
/usr/local/bin/hashgraph
root@115f93002e6e:/usr/local/bin#

gsc-manifest

sgx.enclave_size = "16G"
sgx.thread_num = 32
sys.stack.size = "2M"

loader.pal_internal_mem_size = "128M"

It seems something is still wrong with my setup.

dzygann avatar Dec 01 '21 23:12 dzygann

Ah, that's because you have hashgraph/ (as a directory) under the root dir, and GSC tries to create a link to the executable (hashgraph -> /usr/local/bin/hashgraph) under the root dir. So GSC fails to create a link, because a file-system object (directory) with this name already exists.

Try to rename the hashgraph/ directory (inside the Docker image) to something else, like hashgraph-dir/.

In general, I would ask the Hashgraph devs to provide a proper installation procedure for this application. Otherwise you'll basically re-implement the installation script for them. (As I already mentioned, GSC really expects a proper installation of the app inside the Docker image.)

dimakuv avatar Dec 02 '21 07:12 dimakuv

Hi @dimakuv

Try to rename the hashgraph/ directory (inside the Docker image) to something else, like hashgraph-dir/.

this did the trick! Now it runs into the next issue :D I will open a new ticket for that one.

Thank you very much!

dzygann avatar Dec 02 '21 17:12 dzygann

@aneessahib @veenasai2 Do you think we need to do something in GSC codebase about such scenarios?

dimakuv avatar Dec 02 '21 17:12 dimakuv