opa-docker-authz icon indicating copy to clipboard operation
opa-docker-authz copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

WIP: resolve symlinked host binds

Open flixr opened this issue 3 years ago • 12 comments

Resolve symlinked host binds and provide them in HostBinds, so we can properly check the paths. Should solve #34

flixr avatar Oct 18 '21 09:10 flixr

@anderseknert so this doesn't seem to work, BindMounts is always null even if Body.HostConfig.Binds has a bind mount (starting with /). Not sure what is still wrong/missing... I probably don't have much time to spend on this right now anymore. So if you want to take this over and do it properly, it would be very much appreciated! I could probably find time to briefly test stuff...

flixr avatar Oct 18 '21 16:10 flixr

So at least the resolving seems to work now, but I'm not sure how to write a policy file that correctly denies any request that has bind mounts except for a paths starting with certain prefix.

flixr avatar Oct 18 '21 19:10 flixr

So this works with a policy like (excerpt):

package docker.authz

default allow = false

allow {
    not restricted_host_bind
    not privileged
}

# bind mounts to host with these prefixes are allowed
allowed_host_path_prefixes := {"/allowed/path/prefix/"}

restricted_host_bind
{
    allowed_host_binds := {x | x:= input.BindMounts[_]; startswith(x, allowed_host_path_prefixes[_])}
    count(input.BindMounts) != count(allowed_host_binds)
}

privileged {
    input.Body.HostConfig.Privileged == true
}

I think we should still parse the Mounts Source of Type bind from docker the same way and also add them to the BindMounts.

flixr avatar Oct 19 '21 15:10 flixr

I would be happy if you want to take over

flixr avatar Oct 21 '21 09:10 flixr

Don't hate me, but :D just one more idea: it'd be really awesome if this resolver could also resolve envvars, like $HOME. Whatcha think?

bviktor avatar Oct 25 '21 12:10 bviktor

I would leave that out (at least of this PR)... because whose $HOME? Of the user running opa-docker-authz? But then you would already know the user anyway...

flixr avatar Oct 25 '21 14:10 flixr

Nah, the user running the Docker container :-) But yeah, that's prolly another PR for another day.

bviktor avatar Oct 25 '21 14:10 bviktor

@anderseknert I updated it a bit for my use-case so I can allow only ReadOnly bind mounts where the source already exists (so that docker doesn't create dirs that don't exist):

  • BindMounts: all requested bind mounts
  • BindMountsResolved: resolved bind mounts (so must exist on the host) to avoid circumvention by symlink.
  • BindMountsResolvedRO: additonally only contains ReadOnly mounts.

and then update the policy from above with

restricted_host_bind
{
    allowed_host_binds := {x | x:= input.BindMountsResolvedRO[_]; startswith(x, allowed_host_path_prefixes[_])}
    count(input.BindMounts) != count(allowed_host_binds)
}

flixr avatar Nov 03 '21 19:11 flixr

Looks sensible to me @flixr ... we'd still need some tests to cover this. I've been pretty swamped recently but starting to look better from next week if you want me to help out with that.

anderseknert avatar Nov 04 '21 06:11 anderseknert

@anderseknert did you have a chance to continue here yet?

flixr avatar Mar 22 '22 10:03 flixr

I haven't @flixr ... feel free to pick it up! I don't think I'll be able to in the near future.

anderseknert avatar Mar 22 '22 10:03 anderseknert

For now this does all I need right now and is running fine in production. Also don't have time to spend on making this more complete atm...

flixr avatar Mar 22 '22 11:03 flixr

Resolved with https://github.com/open-policy-agent/opa-docker-authz/pull/65

anderseknert avatar Nov 15 '22 13:11 anderseknert