MappedDirectory enforcement and misc fixes #2727
Capture and apply envToKeep from policy enforcement in createContainer, external exec, and in-container exec. Previously the filtered env list was discarded. Add ociEnvToProcessParamEnv and rewriteExecRequest helpers with tests. Signed-off-by: Mahati Chamarthy <mahati.chamarthy@gmail.com>
Add EnforceMappedDirectoryMountPolicy/UnmountPolicy to enforce VSMB directory shares for confidential Windows containers. Writable mapped directories are denied; duplicates at the same container path are prevented. Also add path pattern validation for MappedVirtualDisk and MappedVirtualDiskForContainerScratch to ensure SCSI mounts only target c:\mounts\scsi\m<N>. Signed-off-by: Mahati Chamarthy <mahati.chamarthy@gmail.com>
| if envToKeep != nil { | ||
| spec.Process.Env = []string(envToKeep) | ||
| } | ||
| _ = allowStdio // TODO: enforce stdio access for Windows containers |
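Review bot: the last line, `_ = allowStdio`, throws away the policy's stdio decision, so a policy that sets it to false is accepted but has no effect for Windows containers. Until the TODO is done, return an error (or at least log) when allowStdio is false so the gap is visible rather than silent. The `envToKeep != nil` guard also deserves a comment stating what a nil result means, because in that case spec.Process.Env is left as it was.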
Is there no enforcement on stdout in WCOW yet?
No enforcement on allowStdio, partly because pipes are set by inbox-gcs (in the Linux case, we're able to redirect it to /dev/null). But I have a workaround to block the pipe creation itself, MahatiC@d0de0ca - I did not test this myself though.
| // Tests for environment variable filtering helpers (envlist persistence) | ||
|
|
||
| func TestOciEnvToProcessParamEnv_Basic(t *testing.T) { | ||
| input := []string{"FOO=bar", "PATH=/usr/bin", "EMPTY="} |
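Review bot: the input in TestOciEnvToProcessParamEnv_Basic covers plain pairs and an empty value, but not a value that itself contains `=` or an entry with no `=` at all. Those are the cases where key/value splitting usually goes wrong, so add them here or in a sibling test if they are not already covered.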
/usr/bin might not be the most obvious choice for a Windows test.
True, but the test is just validating the key, value parsing logic here (i.e. is it converting them properly from OCI-format), so it doesn't have an impact on the test itself.
| load_fragment := data.framework.load_fragment | ||
| scratch_mount := data.framework.scratch_mount | ||
| scratch_unmount := data.framework.scratch_unmount | ||
| mapped_directory_mount := data.framework.mapped_directory_mount |
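Review bot: mapped_directory_mount is bound on the last line, right after the scratch_mount/scratch_unmount pair, but no mapped_directory_unmount binding is visible in these lines. The commit message names both EnforceMappedDirectoryMountPolicy and UnmountPolicy, so check that the matching unmount rule is bound next to it and is covered by a test.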
Does the tooling need to be updated to match?
Yeah, the tooling needs to account for this and the logging enforcement as well.
Commit 1: CWCOW: Filter environment variable
The GCS sidecar was evaluating security policy for environment variables but discarding the filtered result. This meant policy could block containers with disallowed env vars, but couldn't selectively strip individual variables. This commit captures the filtered env list and rewrites the request with it before forwarding to GCS.
Commit 2: CWCOW: Enforce MappedDirectory inside gcs-sidecar
The GCS sidecar had no enforcement for ResourceTypeMappedDirectory (VSMB shares) or path validation for ResourceTypeMappedVirtualDisk/ResourceTypeMappedVirtualDiskForContainerScratch (SCSI mounts). This would allow an untrusted host to share arbitrary directories into the UVM without policy checks. This commit adds:
read-only invariant inside the UVM and prevents duplicate mounts at the same container path. Path pattern validation ensures SCSI mounts only target c:\mounts\scsi\m
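An added example (not code from this PR) sketching the three checks the description of commit 2 names: mapped directories must be read-only, a container path may hold only one share, and SCSI mounts may only target `c:\mounts\scsi\m<N>`. The type and function names, the error values, and the case-insensitive path comparison are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Pattern from the PR description: SCSI mounts may only target c:\mounts\scsi\m<N>.
// Assumption: case-insensitive match; the anchors reject suffixes such as m1\..\x.
var scsiPath = regexp.MustCompile(`(?i)^c:\\mounts\\scsi\\m[0-9]+$`)

var (
	ErrWritable  = errors.New("writable mapped directory denied")
	ErrDuplicate = errors.New("container path already has a mapped directory")
)

// ValidateSCSIMountPath (hypothetical helper) fails closed on any non-matching path.
func ValidateSCSIMountPath(p string) error {
	if !scsiPath.MatchString(p) {
		return fmt.Errorf("scsi mount path %q not allowed by policy", p)
	}
	return nil
}

// MappedDirs (hypothetical) tracks container paths that already hold a share.
type MappedDirs map[string]bool

// Mount admits a share only if it is read-only and the container path is unused.
func (m MappedDirs) Mount(containerPath string, readOnly bool) error {
	key := strings.ToLower(containerPath) // assumption: paths compare case-insensitively
	if !readOnly {
		return ErrWritable
	}
	if m[key] {
		return ErrDuplicate
	}
	m[key] = true
	return nil
}

// Unmount releases the path so a later mount at the same path is allowed again.
func (m MappedDirs) Unmount(containerPath string) { delete(m, strings.ToLower(containerPath)) }

func main() {
	dirs := MappedDirs{} // constructed sample requests below
	fmt.Println(dirs.Mount(`c:\data`, true), dirs.Mount(`C:\Data`, true), ValidateSCSIMountPath(`c:\mounts\scsi\m1\..\x`))
}
```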