Hacker News new | ask | show | jobs
by nyrikki 30 days ago
Bubblewrap tends to be better at defaults than docker/rancher/podman, where the users rarely use `USER` and/or drop elevated privileges, it still has the same limitations.

It is just the reality that namespace/seccomp/ebpf/cgroups are privilege dropping and are not jails.

But it is better with common command line options like:

     $ bwrap --ro-bind /usr /usr --ro-bind /bin /bin --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /sbin /sbin --ro-bind /etc /etc --proc /proc --dev /dev --tmpfs /tmp /usr/bin/bash
     $ grep ^Cap /proc/$$/status
     CapInh: 0000000000000000
     CapPrm: 0000000000000000
     CapEff: 0000000000000000
     CapBnd: 0000000000000000
     CapAmb: 0000000000000000
     $ grep ^NoNew /proc/$$/status
     NoNewPrivs: 1
But yes it is using the same clone/unshare/capabilities that containers use.

But at least they tend to default to running without elevated privileges.

Note from the bwrap repo[0]

    Whatever program constructs the command-line arguments for bubblewrap (often a larger framework like Flatpak, libgnome-desktop, sandwine or an ad-hoc script) is responsible for defining its own security model, and choosing appropriate bubblewrap command-line arguments to implement that security model.
Or warnings from distros like arch[1]

     Warning
     Bubblewrap is a tool which provides sandboxing technologies like namespaces and seccomp filter. It does not by default provide a full sandbox that isolates weakpoints of a used technology. Running untrusted code is never safe, sandboxing cannot change this.
But spin up a bwrap instance like the above and note how just using pythons socket.socket() you can pretty much get every single kernel module in:

     grep net-pf /lib/modules/`uname -r`/modules.alias
That is not in:

     /etc/modprobe.d/blacklist-rare-network.conf
To autoload the kernel modules. That is probably the easiest way to see that you still have the issues with the shared kernel.

Note that the LSM like apparmor may add constraints on aa systems look at[2]

The bwrap team is better at working the with LSM teams, while OCI actively refuses to give guidance and has a dangerous profile [3]

Once again namespaces/cgroups/seccomp/avoiding elevated privlages/etc... are all important for running with minimal privileges, but yes 'sandboxes' and 'containers' provide much less isolation than most people realize.

[0] https://github.com/containers/bubblewrap#limitations [1] https://wiki.archlinux.org/title/Bubblewrap [2] https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/... [3] https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/...