Open anjalirai-intel opened 6 days ago
Why did you create an issue if we already have a PR which fixes that? (which you even mentioned?)
There were some customers who encountered this issue a couple of days ago and looked into the GitHub issues but could not find any details. Since the PR has not yet been merged, it was decided, based on internal discussions, to raise it as an issue. This way, if anyone else faces this problem, they can find the details and try the proposed fix.
Description of the problem
The commit aef087f moved the handling of allowed and trusted files into the LibOS layer. This change introduced a bug related to the handling of the /etc/resolv.conf file when the sys.enable_extra_runtime_domain_names_conf option is set to true.
Details: When sys.enable_extra_runtime_domain_names_conf is set to true, Gramine generates /etc/resolv.conf from scratch, ignoring whether the file was marked as allowed or trusted. If the file is marked as allowed, it is found on the host but ignored and replaced with a generated version. If the file is marked as trusted and its hash does not match the one specified in the manifest, Gramine's lookup logic detects the mismatch and fails on startup.
For more details, refer to https://github.com/gramineproject/gramine/pull/2012
Steps to reproduce
Build gsc workload with latest gramine, after adding
sys.enable_extra_runtime_domain_names_conf = true
into manifest file
Expected results
Workload should be running successfully
Actual results
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
Gramine is starting. Parsing TOML manifest file, this may take some time...
[P1:T1:] error: Looking up mountpoint /etc/resolv.conf failed: Operation not permitted (EPERM)
[P1:T1:] error: libos_init() failed in init_mount: Operation not permitted (EPERM)
Gramine commit hash
aef087f