From 568688c50cf88251dd641fcfa83d82166e2db87e Mon Sep 17 00:00:00 2001 From: Hang Yin Date: Thu, 25 Jun 2026 19:31:35 +0000 Subject: [PATCH] tsm-shim: create inblob/outblob 0666 so non-root apps can use them A non-root app (e.g. uid 1000) couldn't open the FIFOs: mkfifo used 0600, further cut by umask. chmod them after creation (configurable via TSM_REPORT_MODE, default 0666). Verified with an app as uid 1000 not in the root group. Co-Authored-By: Claude Opus 4.8 (1M context) --- tsm-shim/README.md | 2 ++ tsm-shim/tsm_shim.py | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tsm-shim/README.md b/tsm-shim/README.md index 8f157f1..ba1510d 100644 --- a/tsm-shim/README.md +++ b/tsm-shim/README.md @@ -59,3 +59,5 @@ phala cvms logs -c app # expect PASS and a ~5 KB quote dstack doesn't expose). - One request at a time, one shim per app — a shared `inblob`/`outblob` can't tell concurrent callers apart. An empty `outblob` read means the quote failed. +- `inblob`/`outblob` are created mode `0666`, so a non-root app can use them. Set + `TSM_REPORT_MODE` (e.g. `0660`) on the `tsm-shim` service to restrict access. diff --git a/tsm-shim/tsm_shim.py b/tsm-shim/tsm_shim.py index f70a95a..b242765 100644 --- a/tsm-shim/tsm_shim.py +++ b/tsm-shim/tsm_shim.py @@ -28,6 +28,10 @@ # How long to wait for the app to open outblob for reading before giving up, so a # caller that writes inblob then dies can't wedge the daemon. OUTBLOB_DEADLINE = float(os.environ.get("TSM_OUTBLOB_DEADLINE", "30")) +# Mode for inblob/outblob. Default 0666 so a non-root app (any uid) in the same +# container can read/write them -- the shared volume is the access boundary, not +# the file bits. Set e.g. 0660 to restrict to the file's group. +REPORT_MODE = int(os.environ.get("TSM_REPORT_MODE", "0666"), 8) def log(msg): 
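Review bot: `REPORT_MODE = int(os.environ.get("TSM_REPORT_MODE", "0666"), 8)` accepts any octal value, so a typo such as `4666` or `1666` is later handed to `os.chmod` with setuid/sticky bits set, and a non-octal string makes `int()` fail at import with a bare `ValueError` traceback that does not name the setting. Since this constant decides who may reach the attestation FIFOs, I'd reject anything outside the permission bits right after parsing: `if REPORT_MODE & ~0o777:` / `    raise SystemExit(f"TSM_REPORT_MODE must be an octal permission mask within 0777 (got {REPORT_MODE:o})")`, and wrap the parse in a `try`/`except ValueError` that mentions `TSM_REPORT_MODE`. The added comment states that the shared volume is the access boundary; that is a deployment assumption rather than something the code enforces, so I'd phrase it as a requirement (`# Requires that only the app container mounts the volume holding the FIFOs`) so an operator knows what must hold for 0666 to be safe.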
@@ -88,7 +92,8 @@ def open_write_deadline(path, deadline=30.0): def make_fifo(path): if os.path.lexists(path): os.remove(path) - os.mkfifo(path, 0o600) + os.mkfifo(path) + os.chmod(path, REPORT_MODE) # chmod, not the mkfifo arg: the latter is cut by umask def main():
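Review bot: `os.chmod(path, REPORT_MODE)` runs after `os.mkfifo(path)` and follows symlinks, so if the directory holding the FIFO is writable by the app uid (the hunk does not show how the volume is mounted), a process that replaces the just-created FIFO with a symlink in the window between the two calls would get the mode applied to the link's target rather than to the FIFO. Applying the mode at creation by clearing the umask around `mkfifo` removes the window and the two-step, and the trailing comment about umask becomes the why-comment on the block. `os.umask` is process-wide, so this assumes `make_fifo` runs before any threads the daemon may start; the call site is outside this hunk. `make_fifo` itself is fully within the hunk, ending at the blank lines before `def main()`.
```python
def make_fifo(path):
    if os.path.lexists(path):
        os.remove(path)
    # Apply REPORT_MODE at creation: mkfifo's mode argument is masked by umask, so
    # clear the umask for the call rather than chmod'ing afterwards (chmod follows
    # symlinks and leaves a window between creation and the mode change).
    old_umask = os.umask(0)
    try:
        os.mkfifo(path, REPORT_MODE)
    finally:
        os.umask(old_umask)
```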