occlum
occlum copied to clipboard
occlum
[RFC]Add a slient mode to prevent the log print of applications
- Feature Name: (fill me in with a unique ident,
my_awesome_feature) - Start Date: 2021-08-16
Summary
Occlum should add a silent mode. In this mode, occlum will not print the application logs into screen, and show the warning of the log print is blocked.
Motivation
The silent mode can prevent some spiteful or careless privacy disclosures by logs print. In federated learning,the training worker should not print the training privacy to screen.
Guide-level explanation
Occlum can add a parameter in occlum run command line. For example, occlum run worker --silent_mode=true.
Reference-level explanation
This is the technical portion of the RFC. Explain the design in sufficient detail that:
- Its interaction with other features is clear.
- It is reasonably clear how the feature would be implemented.
- Corner cases are dissected by example.
The section should return to the examples given in the previous section, and explain more fully how the detailed proposal makes those examples work.
Drawbacks
Application cannot print the warning or error log in silent mode. It is not comfortable for debugging. But Developer should know the drawbacks and do more tests in silent mode off.
Rationale and alternatives
- Why is this design the best in the space of possible designs?
- What other designs have been considered and what is the rationale for not choosing them?
- What is the impact of not doing this?
Prior art
Discuss prior art, both the good and the bad, in relation to this proposal.
Unresolved questions
- What parts of the design do you expect to resolve through the RFC process before this gets merged?
- What parts of the design do you expect to resolve through the implementation of this feature before stabilization?
- What related issues do you consider out of scope for this RFC that could be addressed in the future independently of the solution that comes out of this RFC?
Future possibilities
Think about what the natural extension and evolution of your proposal would be and how it would affect the Occlum as a whole in a holistic way. Try to use this section as a tool to more fully consider all possible interactions with the project in your proposal. Also consider how this all fits into the roadmap for the project and of the relevant sub-team.
This is also a good place to "dump ideas", if they are out of scope for the RFC you are writing but otherwise related.
If you have tried and cannot think of any future possibilities, you may simply state that you cannot think of anything.
Note that having something written down in the future-possibilities section is not a reason to accept the current or a future RFC; such notes should be in the section on motivation or rationale in this or subsequent RFCs. The section merely provides additional information.
@yuanwu2017 As a temp solution, the user could add a shell script to open the target application. At the meantime, in the script, the application out put could be redirected to a local file to avoid any output logs. Is there any case which is not handled by this way?
Adding an execution parameter "--silent_mode=true" does not solve the problem, because if the log does leak any secret, the hacker could remove the flag and execute the command again. So I propose to add the "silent" flag into the Occlum.json file. If this flag is true, then Occlum would not print anything out.
Adding an execution parameter "--silent_mode=true" does not solve the problem, because if the log does leak any secret, the hacker could remove the flag and execute the command again. So I propose to add the "silent" flag into the Occlum.json file. If this flag is true, then Occlum would not print anything out. Good Idea! It is more reasonable.