orbstack
Disabling file sharing feature for isolation
Is your feature request related to a problem? Please describe.
When I want to run a virtual machine as isolated from the host, such as running a GitHub Actions Self-Hosted Runner, I want to disable bidirectional file sharing between macOS and Linux.
Describe the solution you'd like
It would be great if we can disable file sharing for a specific Linux instance explicitly.
Describe alternatives you've considered
N/A
Additional context
N/A
This is planned but it's worth noting that similar to WSL, the shared lightweight kernel/VM that runs Docker and machines will always have access to the underlying mounts. This means that it's not advisable to rely on them for true security purposes, as a Linux kernel vulnerability would allow mounting the shared file system anyway.
However, as long as the Linux kernel's security is not compromised, this should be an effective form of access control.
It would be great for my use cases if it was possible to set up specific file shares between the host and VM, not just to have an all or nothing approach. Having support for that would allow me to move completely to orbstack and not have to use UTM/parallels anymore.
@dnaq Can you elaborate on why that's a must-have for your use case?
Sure. There are mostly two main reasons:
- Client requirements, e.g. it’s ok for the client that the VM can read/write a client specific folder on the host, as long as other VMs can’t read that folder. Host is trusted, VMs aren’t to that extent.
- Analysis of untrusted (potentially malicious) code, where the results of the analysis are needed outside of the VM. I realise that there is always the possibility of kernel/vm escapes, but that risk is much lower than malicious user space code.
Hope that helps
I have the same needs, please consider allowing specific file shares between the host and VM.
+1 on choosing to share specific folders between mac and the vm. Just consider that a badly run command in the vm can delete a lot of files on the host.
Update: This has been mostly implemented internally for several versions, but there are a few remaining gaps to close before it'll actually have any security value. That's why it hasn't been exposed yet.
If you want specific file sharing paths, please open a separate issue.
For me, simply not sharing anything would be sufficient; a lot of software I run in the VM turns out to write config into the homedir. Probably the shell history too. I don't want that on my host machine.
@hkrutzer Linux and macOS home directories are already separate: /home/$USER and /Users/$USER.
@hkrutzer As far as I see it, the homedir of the user in the VM is not /Users/MisterMountain:
MisterMountain@gentoo ~ $ echo $HOME
/home/MisterMountain
That is strange, I will test again!
What's really scary about it is the totally mixed state of directories.
/Users -> mac
/home -> linux
Kind of reasonable till here.
But then how is someone supposed to trust that a script doesn't do anything bad in /etc, /usr, /opt, /var, /sbin, leave something in /tmp or touch a device in /dev?
It's just super scary right now to do devops script testing. I guess those dirs are separated, but this is neither documented nor is there any kind of reference to the safety of the dirs with shared names.
The rule is simple: all directories normally present on a Linux system are Linux dirs, and only macOS-specific ones are shared:
/Applications
/Library
/Users
/Volumes
/private
I wrote a small script which has similar goals as in this topic.
See https://github.com/jrz/container-shell
It's not finished yet and there's no installer but it works. It basically bind-mounts the current/project directory to /media and starts a shell.
Any feedback is appreciated.
This is actually so bad I considered stopping using OrbStack. How can anyone in their right mind consider the right default for running a VM would be to magically share host folders?!! How is this even possible? What is even worse, I assume that the Docker engine just wraps the same VM logic to implement the Docker features, and so how can I trust running Docker images now? I assumed I have additional protection by a layer of VM isolation, but if there is stuff like this going on without explicit opt-in or any way to see/configure the exact behaviour, I cannot trust anything.
IIRC Docker containers on OrbStack are isolated by default, using the container runtime. In this issue we are talking about machines (i.e. KVMs) on OrbStack, not containers.
Though it will be great if we can opt out of file sharing for machines, OrbStack is currently not a solution to create a sandboxed environment as you want. OrbStack just provides us an easy way to create containers or machines for development; not for production.
But the use case here is especially against real virtual machines, for testing devops scripts. Docker containers behave totally differently.
@hyperknot, @janfjohannes check out what my script does and what its intentions are. I'm in the same boat as you guys.
@jrz it's in docker as well, totally different from a real VM.
I want to have a 1:1 identical environment to servers, not some stripped-down Docker-like environment. Think:
- mounting
- cron
- systemd
- rebooting
- etc.
@hyperknot Ahh ok, yeah that makes sense. It's not just an extra layer of isolation / clean slate os.
Huge feature for me. Coming from crostini so I'm used to complete isolation by default.
This is one of the main reasons I cannot use OrbStack as my main line of development. This is not Virtual Machines.
The rule is simple: all directories normally present on a Linux system are Linux dirs, and only macOS-specific ones are shared:
Really? In my environment the SSH key on macOS is linked in the VM.
kznrluk@ubuntu:~$ ls -al .ssh/
total 8
drwx------ 1 kznrluk kznrluk 48 Sep 24 19:04 .
drwxr-x--- 1 kznrluk kznrluk 138 Sep 24 19:11 ..
lrwxrwxrwx 1 kznrluk kznrluk 34 Sep 24 19:04 id_ed25519 -> /mnt/mac/Users/kznrluk/.ssh/id_ed25519
lrwxrwxrwx 1 kznrluk kznrluk 38 Sep 24 19:04 id_ed25519.pub -> /mnt/mac/Users/kznrluk/.ssh/id_ed25519.pub
If I had not done ssh-keygen and noticed the anomaly, I would have performed the wrong operation with the wrong credentials. This is a serious security issue.
If you continue this policy, you should stop calling this feature Virtual Machine. Like WSL.
OrbStack is really the most amazing dev tool I've used in like 10 years! Seriously impressive, especially from such a small team. But there really should be a locked down mode. One rm -rf in the wrong dir inside the VM and you've just deleted all your files outside the VM.
In fact, trying to completely separate them would be inconvenient in many ways, such as making them inaccessible via the shell like a traditional VM or requiring additional network configuration. In this regard, the OrbStack experience is excellent.
All I am asking for is just the ability to mount directories and control their location as needed.
Yes, I agree, just let me disable the mounts.
My ideal setup would be to run Orbs with optional isolation. Just giving us the flexibility of what and how much we want to lock down our Orbs would be super useful, so if I run a public facing server I don't have to worry about potential malware escaping the Orb and affecting my host or the Orb having access to sensitive documents, credentials or cryptographic keys, but if I run a dev environment that's only going to be accessed locally from the host it can be opened up more to allow easy file transfers, kind of like how it already is at the moment.
In other words, if there is a way to manually define a shared directory(ies), let me have control over where it's located and also give me some preset options like how it currently works with Documents or Home folders. Let me choose if I want it to be completely isolated, one-way sharing (Host -> VM) or bi-directional (Host <-> VM). That way for standard dev work, the shared folders conveniently work, but for other uses the Orb is locked down, more secure and can only be accessed via standard SSH pubkey or similar methods.
@hyperknot @InferiusFurious please check out my wrapper made for OrbStack (but works with any Docker compatible). It isolates the current directory, and behaves like a foreground-mode shell
Link: https://github.com/jrz/container-shell
If you just care about safeguarding your mac files and are ok with them being read-only, this worked for me (run on your linux VM):
$ sudo mount -o remount,ro /mnt/mac
Confirm that all volumes have been set to read-only status:
$ mount | grep -w mac
mac on /mnt/mac type virtiofs (ro,relatime)
mac on /Applications type virtiofs (ro,relatime)
mac on /Library type virtiofs (ro,relatime)
mac on /Users type virtiofs (ro,relatime)
mac on /Volumes type virtiofs (ro,relatime)
mac on /private type virtiofs (ro,relatime)
The read-only status appears to persist across reboots as well.
I can change it all back by adding the rw, followed by a reboot:
$ sudo mount -o remount,rw /mnt/mac
$ sudo reboot
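An audit for the two exposures discussed in this thread, added here as an example (not part of any comment above and not OrbStack's own tooling): it reports virtiofs shares that are still writable and symlinks that resolve into the shared macOS paths, like the `.ssh` links shown earlier. The function names and the sample mount table are constructed; the input is assumed to be in `/proc/self/mounts` format (device, mount point, fs type, options).

```shell
#!/bin/sh
# Added example: run inside the Linux machine.

# Constructed sample in /proc/self/mounts format; /Users was left read-write.
SAMPLE_MOUNTS='mac /mnt/mac virtiofs ro,relatime 0 0
mac /Applications virtiofs ro,relatime 0 0
mac /Users virtiofs rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Read a mount table on stdin and print every virtiofs mount point
# whose option list does not contain "ro".
writable_shares() {
    awk '$3 == "virtiofs" {
        n = split($4, o, ","); ro = 0
        for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
        if (!ro) print $2
    }'
}

# Print symlinks under directory $1 whose target lies in one of the
# macOS-specific shared roots named in this thread.
links_into_shares() {
    find "$1" -type l 2>/dev/null | while IFS= read -r l; do
        # Prefer the fully resolved path; fall back to the raw link target
        # when the destination cannot be resolved.
        t=$(readlink -f "$l" 2>/dev/null || readlink "$l")
        case "$t" in
            /mnt/mac/*|/Applications/*|/Library/*|/Users/*|/Volumes/*|/private/*)
                printf '%s -> %s\n' "$l" "$t" ;;
        esac
    done
}

# Demo on the constructed sample. On a real machine:
#   writable_shares < /proc/self/mounts
#   links_into_shares "$HOME"
printf '%s\n' "$SAMPLE_MOUNTS" | writable_shares
```

Empty output from both functions means no writable share and no link into the Mac was found. The remount is done from inside the machine, so anything running as root there can switch it back to `rw` the same way.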
@winterqt is this planned for a future version?
Yup, it's almost ready. 🙂