New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AppArmor policy to deny network is not working #44984
Comments
Your provided reproduction seems to work for me just fine -- I notice that in the example you have both It's also worth noting that this will be very crude until #41442 or a successor is implemented, but I assume since what you want works on 20.10 that you're well-aware of the limitations. Still, more steps to reproduce are needed. |
It is reproducible on Container-Optimized OS from GCP. But I have updated the reproduction steps for Ubuntu and Debian. |
Have you tested the reproduction on Ubuntu? It still does not work for me. Also, who is providing the packaging for Container-Optimized OS? I assume it's backed into the base image? |
Yes, it is backed into the base image in Container-Optimized OS. For ubuntu images in GCP it is still reproducible. |
Issue seemed to be here: a826ca3 The logic |
This seems to be related to; I'm wondering though; if your intent is to have no networking at all, wouldn't docker run -it --rm --network=none alpine ping -c1 google.com
ping: bad address 'google.com' |
Actually, we have a test to validate the docker with apparmor functionality. The reproduction steps mentioned above is what the test does to validate its functionality. In the above it is still missing the running with security-opt enabled means in private mode but not with the user namespace enabled. So even with the security mode enabled, we are still running the docker containers similar to privileged mode. |
When the container is run in privileged mode, the sysctl values can be modified to allow all connections, but in case of apparmor security profile, all connections shouldn't be allowed but with the change #41030, the sysctl values are overrided and apparmor security profile is not respected with respect to ping. |
I see the same exact behavior between 20.10 and 23.0 (ping works). |
This issue is first seen in 20.10.13 |
That would be because this PR back ported the fix to 20.10; As far as I can see, this is the intended behaviour since #41030, but I don't see immediately how AppArmor would be related to this. Also duplicate(ish) / related: |
I did wanna mention here that the documentation for docker advertises this no-ping behavior which is probably why this issue exists: https://docs.docker.com/engine/security/apparmor/#nginx-example-profile I think if it's expected that ping should still work despite the profile, then the section here where ping is supposed to be blocked should probably be removed. |
Interesting data-point: the Google folks reverted #41030: https://cos.googlesource.com/cos/overlays/board-overlays/+/refs/tags/cos-cherry-pick-R93/project-lakitu/app-emulation/docker/files/docker-20.10.24-patch-reverting-default-sysctl-value-setting.patch I would love to hear what their reasoning is. |
Ah, good callout. I guess the docs there used |
Description
The AppArmor policy to deny network is not working in v23.0.0 for Ubuntu docker image. It was working in v20.10.* versions.
Reproduce
docker build -t ubuntu-ping .
docker run --rm -i --security-opt apparmor=no-network ubuntu-test:latest ping -c3 localhost
Results
Expected behavior
ping: socket: Permission denied
docker version
Client: Version: 23.0.0 API version: 1.42 Go version: go1.19.4 Git commit: e92dd87c3209361f29b692ab4b8f0f9248779297 Built: Sun Feb 12 10:45:24 2023 OS/Arch: linux/amd64 Context: default Server: Engine: Version: 23.0.0 API version: 1.42 (minimum version 1.12) Go version: go1.19.4 Git commit: d7573ab Built: Sun Feb 12 11:28:34 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.15 GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86 runc: Version: 1.1.4 GitCommit: a916309fff0f838eb94e928713dbc3c0d0ac7aa4 docker-init: Version: 0.19.0 GitCommit: fec3683b971d9c3ef73f284f176672c44b448662
docker info
Additional Info
No response
The text was updated successfully, but these errors were encountered: