container running inside gramin not able to read environment variable

[ss893]

I am passing some environment variable through deployment file.
I can see those variable inside the pod but unable to read it from environment.

EX:
[root@k8s-master ]# kubectl exec skcserver-daemonset-ng5dm -- printenv
PATH=/gramine/meson_build_output/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=skcserver-daemonset-ng5dm
SKC_SERVER_PORT=50053
DEFAULT_KEY_CACHE_TIMEOUT=3500
DEFAULT_SESSION_TIMEOUT=14300
DEFAULT_SLEEP_INTERVAL=7100

But i am not able to read these environment variable through my application when running inside gramin.
EX:
In load config of server os.Getenv: sessiontimeout is
In load config of server os.Getenv: sleep interval is
In load config of server os.Getenv: key cache timeout is
In load config of server os.Getenv: skc server port is

They are coming as empty.

In my manifest file i have even allowed:
sgx.allowed_files = [
"file:/etc/environment",
]

While building container image i am providing --insecure-args :
/gsc build --insecure-args skcserver skcserver/skcserver.manifest

[mkow]

Hey,

/etc/environment does not contain the environment of the process. What you probably wanted is /proc/<pid>/environ, but this file is just a view on the process' environment. The real environment is passed in execve() argument when starting the executable and then maintained by the app logic (usually in glibc).

So, what you want to do here is to ask Gramine to add more environment variables when starting emulation of your process. For this, see https://gramine.readthedocs.io/en/latest/manifest-syntax.html#environment-variables.

[ss893]

Thanks for the help

[dimakuv]

./gsc build --insecure-args skcserver skcserver/skcserver.manifest

Please note that insecure-args (https://gramine.readthedocs.io/projects/gsc/en/latest/#cmdoption-gsc-build-insecure-args) only deals with command-line arguments and not environment variables.

There is no way currently in GSC to have a special treatment "forward all environment variables from the host inside the Gramine SGX enclave". There is no such command-line switch to ./gsc build.

Instead, as @mkow mentions, you can add the required environment variables to the minimal manifest file that you provide as an input to ./gsc build. For example, if you want to forward HOSTNAME and you want to hard-code DEFAULT_SLEEP_INTERVAL in the Gramine SGX enclave, you add something like this:

loader.env.HOSTNAME = { passthrough = true }
loader.env.DEFAULT_SLEEP_INTERVAL = "7100"  # note the double-quotes, all envvar values are always in double-quotes!

[ss893]

Thanks for the help.