-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Questions about shared-fs options and security in kata-containers #9683
Comments
We are in the process of removing the shared-fs. Partly the shared-fs is a remnant of how Kata pulls images when confidential computing is not enabled. When we pull the image inside the guest with CoCo we won't need shared-fs for the images, but there are a few other features that rely on it. If you look at #9315, which removes the shared-fs for TDX, you can see that we are skipping a number of tests for that platform. This gives you an idea of what features currently rely on shared-fs. We will hopefully have workarounds for most of these. This PR also shows that turning off the shared-fs is as simple as changing one setting in the kata config, but note that this is a host configuration so you will want to do something in the guest as well to make sure the shared-fs can't be turned back on. In the example you posted, I think you actually aren't seeing the shared-fs, but rather the location where containerd has unpacked images on the host. With nydus I think we download the container on the host as well as the guest. The shared-fs is usually located |
@fitzthum Thank you very much. I found the shared-fs in /run/kata-containers/shared/sandboxes. But the rootfs dir did used by the running container. I used helm install hadoop, my containerd default runtime is kata. kata generated qemu commands like that:
there are my pods:
I used nerdctl ps --namespace k8s.io to find the container id that in hadoop-hdfs-dn-0 pod.
then I got the rootfs path
and i tried to mkdir in the rootfs dir and in the container, i could view the change both side.
I am using version 2.5.2 of Kata, and I am not sure which version it is on the CC branch. I am not sure if this is an issue with an older version. |
Ah if you are using Kata 2.5.2 you might not have any of the support for confidential image pulling. In that case if you disable shared-fs you are not going to be able to pull the image. You might try with upstream main if it isn't too much of a hassle to enable csv there. Guest pulling is a coco feature so you'd want to use the confidential rootfs which includes image-rs. |
Thank you, I think I understand the reason now. I will try upgrading the version. |
Description:
I have some questions about the shard-fs options. I used kata containers with confidential containers running on Hygon CSV (which seems to have implemented the same tee mechanism as AMD SEV). I noticed that directories inside the runing Pod/container can be accessed through df -h, and files in containers can be accessed directly on the host machine, including viewing and adding the contents of files(I used the root user).
My questions:
Is this caused by shared-fs?
I want to try to increase some security policies myself, and I want to know besides improving performance, what are the main propose of shared-fs for kata-containers, and what aspects might I need to modify?
If I want to increase protection for files inside the container myself, are there any encryption schemes for files or file systems that can be applied without modifying kata?
I have learned about #9676 and related issues, and I understand that shared-fs is required by Kubernetes. However, I'm not very clear about its other impacts.
I would be very grateful if someone could answer my questions.
The text was updated successfully, but these errors were encountered: