new security-opt: privileged-without-host-devices (for safe DinD with Kata) by AkihiroSuda · Pull Request #39702 · moby/moby

AkihiroSuda · 2019-08-08T18:27:48Z

Signed-off-by: Akihiro Suda [email protected]

- What I did

docker run --runtime=kata --privileged is insecure despite of Kata's
VM isolation because host devices are visible to the container. kata-containers/runtime#1568

This commit adds a new security-opt privileged-without-host-devices to
allow privileged mode without mounting host devices.
The daemon returns an error if the opt is specified but privileged is
not specified.

A common use-case of this is to run Docker-in-Docker securely with Kata.

Fixes #39697
Relates to containerd/cri#1225 cri-o/cri-o#2730

- How I did it

Added a new security-opt

- How to verify it

CLI: docker/cli#2037

Without privileged-without-host-devices

$ docker run -it --rm --runtime=kata --privileged alpine
/ # ls -l /dev/sda
brw-rw----    1 root     disk        8, 128 Aug  8 18:15 /dev/sda
/ # hexdump -C /dev/sda
(host disk is leaked)

With privileged-without-host-devices:

$ docker run -it --rm --runtime=kata --privileged --security-opt privileged-without-host-devices alpine
/ # ls -l /dev
total 0
crw--w----    1 root     tty       136,   0 Aug  8 18:26 console
lrwxrwxrwx    1 root     root            13 Aug  8 18:26 fd -> /proc/self/fd
crw-rw-rw-    1 root     root        1,   7 Aug  8 18:26 full
drwxrwxrwt    2 root     root            40 Aug  8 18:26 mqueue
crw-rw-rw-    1 root     root        1,   3 Aug  8 18:26 null
lrwxrwxrwx    1 root     root             8 Aug  8 18:26 ptmx -> pts/ptmx
drwxr-xr-x    2 root     root             0 Aug  8 18:26 pts
crw-rw-rw-    1 root     root        1,   8 Aug  8 18:26 random
drwxrwxrwt    2 root     root            40 Aug  8 18:26 shm
lrwxrwxrwx    1 root     root            15 Aug  8 18:26 stderr -> /proc/self/fd/2
lrwxrwxrwx    1 root     root            15 Aug  8 18:26 stdin -> /proc/self/fd/0
lrwxrwxrwx    1 root     root            15 Aug  8 18:26 stdout -> /proc/self/fd/1
crw-rw-rw-    1 root     root        5,   0 Aug  8 18:26 tty
crw-rw-rw-    1 root     root        1,   9 Aug  8 18:26 urandom
crw-rw-rw-    1 root     root        1,   5 Aug  8 18:26 zero
/ # ls -l /dev/sda
ls: /dev/sda: No such file or directory
/ # mknod /dev/sda b 8 128
/ # hexdump -C /dev/sda
hexdump: /dev/sda: No such device or address
hexdump: /dev/sda: Bad file descriptor

Verified with Kata 1.8.0

- Description for the changelog

new security-opt: privileged-without-host-devices

- A picture of a cute animal (not mandatory but encouraged)

AkihiroSuda · 2019-08-08T18:32:32Z

@bergwolf PTAL?

akhilerm

A query on where we are restricting the /dev mount?

akhilerm · 2019-08-12T06:08:27Z

@AkihiroSuda One more question. When a new device is attached to the host and an entry is created in /dev of the host, we should also restrict those new devices from getting created inside the container right?

I can see that already there is a bug in docker which does not update the /dev directory of the container, when new devices are attached. Not sure whether this will impact or not?

AkihiroSuda · 2019-08-12T06:16:01Z

For Kata, new device wont be enabled because there is no mount for the device.

For non-kata, the flag should not be considered as a security boundary.

akhilerm · 2019-08-12T06:29:50Z

For non-kata, the flag should not be considered as a security boundary.

Ohkay. Got it. But can these same functionality be extended to non-kata? Or is it used only to get past the VM isolation issue in kata.

AkihiroSuda · 2019-08-12T06:46:47Z

But can these same functionality be extended to non-kata

It doesn't make sense. Privileged non-kata container can execute arbitrary command on the host anyway to access any device

akhilerm · 2019-08-12T06:52:21Z

Ohkay!. 👍 Thanks for explaining.

bergwolf · 2019-08-13T02:46:17Z

LGTM! Thanks @AkihiroSuda !

AkihiroSuda · 2019-08-16T18:55:41Z

@justincormack @cpuguy83 @thaJeztah PTAL?

AkihiroSuda · 2019-08-22T06:38:47Z

@justincormack @cpuguy83 @thaJeztah PTAL?

AkihiroSuda · 2019-09-11T07:56:55Z

cc @tianon WDYT?

cpuguy83 · 2019-09-11T15:00:11Z

The option seems ok, but I'm not sure why someone would use privileged and also expect it to be secure?

AkihiroSuda · 2019-09-11T15:05:56Z

@cpuguy83

dind with kata needs --privileged and is expected to be secure

thaJeztah · 2019-09-11T19:14:22Z

Isn't this combination possible with #36644, or is that tweaking something else? (haven't looked in depth).

AkihiroSuda · 2019-09-11T19:30:02Z

Unrelated, this one aims at preventing Kata from mounting host /dev completely

tianon · 2019-09-11T19:56:58Z

I get conceptually that this solves a problem Kata has, but I don't think I understand why this particular solution was chosen? We've long regarded the --privileged flag as somewhat of a mistake (certainly that in hindsight, could've had a better name), especially given the vast number of users who view it as sudo for containers (ala, if it doesn't work, try it again with --privileged). The number of users I've personally watched do exactly that blindly makes me very sad on a regular basis, so I'm confused why we'd be looking to create a second option, but with slightly less "remove all the protections" applied just for this one use case?

thaJeztah · 2019-09-11T21:34:41Z

Yes, I was thinking; what privileges does --privileged provide that cannot be given in another way? (Wanted to make a table for that to point out the missing feature(s)).

If those missing options can be added, then instead of using --privileged ("all the things!") and a --but-not-fully-privileged flag, users could instead do, e.g.

--cap-add=all
--security-opt apparmor=unconfined
--security-opt seccomp=unconfined
--security-opt systempaths=unconfined 
--security-opt host-devices=unconfined

(start with "default", and add what's needed)

AkihiroSuda · 2019-09-12T04:50:42Z

$ docker run -d --name dind --runtime=kata --security-opt apparmor=unconfined --security-opt seccomp=unconfined --security-opt systempaths=unconfined --cap-add all docker:19.03-dind
$ docker exec -it dind docker run -it --rm alpine
...
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:281: applying
cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/docker: read-only file system\"": unknown.
...

(Kata 1.8.0 with Moby e20b732)

after remounting cgroup as read-write before starting dockerd-entrypoint:

$ docker exec -it dind docker run -it --rm alpine
docker: Error response from daemon: cgroups: cannot find cgroup mount destination: unknown.
ERRO[0002] error waiting for container: context canceled

AkihiroSuda · 2019-09-12T07:40:06Z

For DIND usecase, this DIND PR seems to work: docker-library/docker#191

$ docker run --runtime kata -e DOCKER_REMOUNT_SYS_RW=1 --cap-add all --security-opt seccomp=unconfined --security-opt systempaths=unconfined

I can close this PR unless there is still demand from Kata maintainers.

…leged) Docker-in-Kata can be launched with `--privileged` but it ruins the benefit of Kata because it mounts `/dev` from the host. Now Docker-in-Kata can be launched without `--privileged`: $ docker run --runtime kata -e DOCKER_REMOUNT_SYS_RW=1 --cap-add all --security-opt seccomp=unconfined --security-opt systempaths=unconfined docker:dind Tested with Kata Containers 1.8.0 (1.8.1 is broken: kata-containers/runtime#2047) Alternative to moby/moby#39702 Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda · 2019-09-20T11:00:21Z

I'm keeping this PR open, as discussed in Kata ML: http://lists.katacontainers.io/pipermail/kata-dev/2019-September/001029.html

thaJeztah · 2019-11-05T01:12:01Z

@dmcgowan @justincormack ptal

AkihiroSuda · 2020-02-14T04:17:10Z

rebased

AkihiroSuda · 2020-02-14T04:19:17Z

CRI-O adopted equivalent of this as well as containerd/CRI: cri-o/cri-o#2730

AkihiroSuda · 2020-06-12T03:26:53Z

Aside from Kata, this PR turned out to be also useful for protecting the host console from getty running in a container: AkihiroSuda/containerized-systemd#5 (comment)

cc @cpuguy83

cpuguy83 · 2020-06-15T20:08:46Z

For the (mostly privileged) systemd case, instead of doing --privileged, I can also just remount proc as writable in the container and not have to deal with host /dev issues.

I do think it's slightly unfortunate that --privileged also mounts the host's /dev instead of leaving that to the client to decide if they actually want that.

But you can gradually add what you need instead of relying on --privileged, and that seems good enough.

`docker run --runtime=kata --privileged` is insecure despite of Kata's VM isolation because host devices are visible to the container. This commit adds a new security-opt `privileged-without-host-devices` to allow privileged mode without mounting host devices. The daemon returns an error if the opt is specified but privileged is not specified. A common use-case of this is to run Docker-in-Docker securely. Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda · 2021-10-05T11:16:28Z

rebased

tao12345666333

LGTM

tianon · 2021-10-06T17:07:15Z

I still think this is probably not the right UX here -- how long before someone asks for another privileged-without-X option because they have a different use case?

I agree with @thaJeztah that it would be really useful if we could make a table of features that --privileged can enable that can't be enabled any other way, but it'd definitely be a great exercise to at least start with the things Kata needs and work our way up from there.

AkihiroSuda · 2022-02-07T14:47:45Z

Kata v2 no longer supports runc-style CLI, and Moby does not support non-runc runtimes, so closing.

Vlad1mir-D · 2023-04-29T04:54:40Z

@AkihiroSuda Could you please reopen this PR?
Current version of Kata works perfectly fine with the actual version of Moby but #39697 prevents usage of privileged mode.
ctr, nerdctl and other tools already allows to run Kata privileged without host devices.
Thanks!

tianon · 2023-05-03T22:24:46Z

Re #39702 (comment), do you have a sense of which things Kata needs that are enabled by --privileged but cannot be enabled in any other way?

klueska · 2024-04-02T20:59:12Z

We also have use cases for kind (Kubernetes in Docker) that could benefit from this as well. Specifically around running as privileged, but allowing for fine-grained control of which devices get injected via CDI instead of blindly injecting all of them. Please see the following discussion for more details: kubernetes-sigs/kind#3290 (review)

neersighted · 2024-04-02T23:02:56Z

I'm going to close this for now as I don't think we're likely to ever accept this in it's current form; however I have proposed an alternative at #47663 that I would like to direct feedback to.

GordonTheTurtle added the status/0-triage label Aug 8, 2019

This was referenced Aug 8, 2019

[Draft] new security-opt: privileged-without-host-devices ("pwohd"), for safe DinD with Kata docker/cli#2037

Closed

new security-opt: privileged-without-host-devices #39697

Open

AkihiroSuda mentioned this pull request Aug 8, 2019

Do not pass all host devices in /dev when launching with '--privileged' kata-containers/runtime#1568

Closed

akhilerm reviewed Aug 11, 2019

View reviewed changes

Comment thread daemon/oci_linux.go Outdated

akhilerm reviewed Aug 11, 2019

View reviewed changes

bergwolf mentioned this pull request Aug 13, 2019

update privileged container documentation kata-containers/documentation#529

Closed

AkihiroSuda force-pushed the pwodh branch from a6a9eee to 08d6bd3 Compare August 22, 2019 06:38

GordonTheTurtle assigned justincormack Aug 23, 2019

awprice mentioned this pull request Sep 4, 2019

Add flag to overload default privileged host device behaviour containerd/cri#1225

Merged

AkihiroSuda changed the title ~~new security-opt: privileged-without-host-devices~~ new security-opt: privileged-without-host-devices (for safe DinD with Kata) Sep 11, 2019

thaJeztah added area/runtime Runtime and removed status/0-triage labels Sep 12, 2019

AkihiroSuda mentioned this pull request Sep 12, 2019

introduce DOCKER_REMOUNT_SYS_RW (allow Docker-in-Kata without --privileged) docker-library/docker#191

Closed

AkihiroSuda force-pushed the pwodh branch from 08d6bd3 to bab611d Compare February 14, 2020 04:17

AkihiroSuda force-pushed the pwodh branch from bab611d to 7503614 Compare February 15, 2020 06:49

amshinde mentioned this pull request Mar 25, 2020

Support hotplug PCIe in q35 kata-containers/runtime#2410

Merged

AkihiroSuda force-pushed the pwodh branch from 7503614 to 9755e4b Compare June 12, 2020 03:14

AkihiroSuda mentioned this pull request Jun 12, 2020

systemd with --privileged AkihiroSuda/containerized-systemd#5

Closed

AkihiroSuda force-pushed the pwodh branch from 9755e4b to c8ae83e Compare October 5, 2021 11:16

tao12345666333 approved these changes Oct 6, 2021

View reviewed changes

AkihiroSuda closed this Feb 7, 2022

AkihiroSuda reopened this Apr 29, 2023

klueska mentioned this pull request Apr 2, 2024

Add API for CDI --devices flag in Docker and Podman for mapping GPUs kubernetes-sigs/kind#3290

Closed

neersighted mentioned this pull request Apr 2, 2024

Proposal: decompose --privileged into individual --security-opt options #47663

Open

neersighted closed this Apr 2, 2024

Conversation

AkihiroSuda commented Aug 8, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

AkihiroSuda commented Aug 8, 2019

Uh oh!

Uh oh!

akhilerm left a comment

Choose a reason for hiding this comment

Uh oh!

akhilerm commented Aug 12, 2019

Uh oh!

AkihiroSuda commented Aug 12, 2019

Uh oh!

akhilerm commented Aug 12, 2019

Uh oh!

AkihiroSuda commented Aug 12, 2019

Uh oh!

akhilerm commented Aug 12, 2019

Uh oh!

bergwolf commented Aug 13, 2019

Uh oh!

AkihiroSuda commented Aug 16, 2019

Uh oh!

AkihiroSuda commented Aug 22, 2019

Uh oh!

AkihiroSuda commented Sep 11, 2019

Uh oh!

cpuguy83 commented Sep 11, 2019

Uh oh!

AkihiroSuda commented Sep 11, 2019

Uh oh!

thaJeztah commented Sep 11, 2019

Uh oh!

AkihiroSuda commented Sep 11, 2019

Uh oh!

tianon commented Sep 11, 2019

Uh oh!

thaJeztah commented Sep 11, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

AkihiroSuda commented Sep 12, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

AkihiroSuda commented Sep 12, 2019

Uh oh!

AkihiroSuda commented Sep 20, 2019

Uh oh!

thaJeztah commented Nov 5, 2019

Uh oh!

AkihiroSuda commented Feb 14, 2020

Uh oh!

AkihiroSuda commented Feb 14, 2020

Uh oh!

AkihiroSuda commented Jun 12, 2020

Uh oh!

cpuguy83 commented Jun 15, 2020

Uh oh!

AkihiroSuda commented Oct 5, 2021

Uh oh!

tao12345666333 left a comment

Choose a reason for hiding this comment

Uh oh!

tianon commented Oct 6, 2021

Uh oh!

AkihiroSuda commented Feb 7, 2022

Uh oh!

Vlad1mir-D commented Apr 29, 2023

Uh oh!

tianon commented May 3, 2023

Uh oh!

klueska commented Apr 2, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

neersighted commented Apr 2, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

AkihiroSuda commented Aug 8, 2019 •

edited

Loading

thaJeztah commented Sep 11, 2019 •

edited

Loading

AkihiroSuda commented Sep 12, 2019 •

edited

Loading

klueska commented Apr 2, 2024 •

edited

Loading