New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert "seccomp: block socket calls to AF_VSOCK in default profile" (commit 57b2290) #45317
Comments
Noting PR for easy reference: |
@thaJeztah can you comment here? |
Allowing
For sure; that may not always be under control of the user though; cloud providers may set up these sockets, and containers now being able to access them. All of that combined, the decision was to make this something to explicitly grant a container access to, and not as a default. That said, I didn't see a strong rejection on having an option that makes this easier to set up (without having to write a fully custom seccomp profile), partial discussion happened in #44670; I see that one was closed, but perhaps we need a ticket to discuss if improvements can be made for that. |
Unless I missed a change in Linux, So what's exactly is the security issue? and if this is a security issue then why giving it more permission by running it in a privileged pod?
That's exactly my point, if the host allows using these sockets, then why the guest is prohibited from using it?
I understand. Is this issue is equivalent to a ticket? ;-) |
The primary issue is that Now, this is not a Linux example as I am less aware of what Linux users of The motivation for the change in containerd was the same -- KubeVirt is doing something similar, and realized that allowing arbitrary Pods maximum privilege in their managed VMs was the status quo without filtering Similarly, we took the change in moby/moby as we had also filtered I don't think a blanket revert is a good idea, for several reasons:
Any breaking change (even fixing a bug) always breaks somebody, and the maintainers are always doing the best they can to try and balance many concerns. I think the right balance was struck here with the immediate change, but at the same time, there are likely additional users of containers who would like to use What we discussed in principle, and what seems like the best route forward here, is adding some option to allow Instead, it seems like some more granular mechanism for adding/removing 'entitlements' to a container is the way forward (see #32801); however, I don't think we've ruled out something more short-term either (e.g. maybe a daemon-level flag). |
For me it is more surprising to give full privilege when only a transport mean is required. The
So you give one example of a use-case where a container with access to
And it was also not filtered in the past and the try to filter it was reverted.
I don't agree it is a "high level of privilege". It is like saying a TCP socket (access is permitted to unprivileged) is high level of privilege because it allow connections to resources not containerize within the host.
What security posture? Can you give a solid example on how to exploit it?
Should I start a similar thread in the containerd/containerd project as well then?
That didn't seem to bother you when the access to
I'm open to hear about any solution that will save me a long talks with our deployment engineers :-).
|
Hi, I think I am running into this problem after updating Docker Desktop on Windows to v4.19 when trying to connect to a bind-mounted tcp unix socket inside a container that runs as unprivileged (non-root user) process. Connecting to the socket as root user inside the container still works but it apparently broke due to the update because it worked also with the unprivileged user before the update. How can I work around the problem for the time being? I tried |
If disabling seccomp doesn't fix your issue, then it should be unrelated, and may be a general permissions issue or related to how Docker Desktop shared files between the host and the VM; does the socket inside the container have permissions for the non-root user to access it? If you have steps to reproduce, it might be better to report an issue in the Docker Desktop issue tracker (https://github.com/docker/for-win/issues) |
Thanks! reported to docker/for-win#13447 |
This is not the same thing as vsock. The default container does not allow containers to bind to ports on host interfaces. We could do something like if |
I'd like to see a fix as well. we use containers for build and test and one piece of our software requires AF_VSOCK for it's sole communication and as such we need to be able to access AF_VSOCK to test the application. That build broke a while ago, and I have not had time to dig into it until now. I do understand why the change has been brought about, but a such a change of behaviour should be more visible. I don't think that it should be reverted, but a way to enable access to AF_VSOCK should be provided (and should have been provided when it was blocked). For now I can side step the issue by running that specific build using the unconfined seccomp profile but I'd rather have a proper solution. The issue here seemlingly have been dormant since May 1, is there any progress on it? |
You can do that by setting |
Closing this in favor of #44670. |
Description
In our project we would like to use vsock for guest-host communication. However due to commit 57b2290, it requires either a custom seccomp profile or a privileged container. I've read the reasons for this change in the commit's message but I failed to understand its logic.
The claim is that they want to use vsock as well and because they don't how to limit connection attempts, their solution is to block everyone from using this feature and use a "security" as en excuse. How giving a full privileges to a pod that requires only an inter-process communication with its host is more secured?
The existence of the vsock is controlled by the virtual machine. If a host doesn't want to allow a guest-to-host communication it simply doesn't create the virtio-vsock device. And in case this type of communication is needed then there is either a listener application which expect these connection and may block unwanted incoming connections or an application that initiate the connection to a guest application and in this case one might choose to use a lower port number which required capabilities.
So, since the default seccomp profile allows other IPC means, like pipes and sockets, I request to remove this rule. I think I saw it was also removed in an older branch as well.
Thanks,
The text was updated successfully, but these errors were encountered: