Support for /proc/self/mountinfo

[bronzeMe]

Description of the feature

For some software, such as Elasticsearch, it relies on /proc/self/mountinfo to detect certain features of the file system. The detailed code is as follows:
https://github.com/elastic/elasticsearch/blob/9584d10078d156e62736ad58aea1985252b889d4/server/src/main/java/org/elasticsearch/env/ESFileStore.java#L43

How can Gramine support /proc/self/mountinfo? If code needs to be added to enable this feature for Gramine, what should be done?

Why Gramine should implement it?

Running Elasticsearch on Gramine.

[nmwael]

fyi @bronzeMe

using passthrough is working, if completely secure or making sense im not sure of:

[[fs.mounts]]
  path = "/proc/mounts"
  uri = "file:/proc/mounts" 

[[fs.mounts]]
  path = "/proc/sys/vm/max_map_count"
  uri = "file:/proc/sys/vm/max_map_count"   

[mkow]

This is unlikely to be secure or correct.

Security: The app will trust this info which will be fully host-controlled if you just passthrough it.
Correctness: This config provides information about the host filesystem, which is completely unrelated to the virtual filesystem inside Gramine.

[nmwael]

This is unlikely to be secure or correct.

Security: The app will trust this info which will be fully host-controlled if you just passthrough it. Correctness: This config provides information about the host filesystem, which is completely unrelated to the virtual filesystem inside Gramine.

Would it be better to then just mount a static checksummed file instead? That would make the elastic and java check succeed.

[mkow]

Yes, assuming you put meaningful data inside (corresponding to what's actually mounted inside Gramine).