manifest.template

loader.preload = "file:{{ graphene.libos }}"
libos.entrypoint = "{{ entrypoint }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
loader.insecure__use_cmdline_argv = true

# for uid_gid test
loader.uid = 80085
loader.gid = 1337

# for eventfd test
sys.insecure__allow_eventfd = true

fs.mount.graphene_lib.type = "chroot"
fs.mount.graphene_lib.path = "/lib"
fs.mount.graphene_lib.uri = "file:{{ graphene.runtimedir() }}"

fs.mount.host_lib.type = "chroot"
fs.mount.host_lib.path = "{{ arch_libdir }}"
fs.mount.host_lib.uri = "file:{{ arch_libdir }}"

fs.mount.host_usr_lib.type = "chroot"
fs.mount.host_usr_lib.path = "/usr/{{ arch_libdir }}"
fs.mount.host_usr_lib.uri = "file:/usr/{{ arch_libdir }}"

fs.mount.bin.type = "chroot"
fs.mount.bin.path = "/bin"
fs.mount.bin.uri = "file:/bin"

fs.mount.tmpfs.type = "tmpfs"
fs.mount.tmpfs.path = "/mnt/tmpfs"
fs.mount.tmpfs.uri = "file:dummy-unused-by-tmpfs-uri"

sgx.thread_num = 16
sgx.nonpie_binary = true

sgx.allowed_files = [
  "file:tmp/",
  "file:root", # for getdents test
  "file:testfile", # for mmap_file test
]

sgx.trusted_files = [
  "file:{{ graphene.runtimedir() }}/",
  "file:{{ arch_libdir }}/libgcc_s.so.1",
  "file:/usr{{ arch_libdir }}/libstdc++.so.6",
  "file:{{ entrypoint }}",
  "file:exec_victim",
]

sgx.protected_files_key = "ffeeddccbbaa99887766554433221100"
sgx.protected_files = [
  "file:tmp/pf/",
]