Skip to content

seccomp: block AF_VSOCK sockets #575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mtrmac merged 1 commit into from
Jan 12, 2026
Merged

seccomp: block AF_VSOCK sockets #575

mtrmac merged 1 commit into from
Jan 12, 2026

Conversation

@giuseppe
Copy link
Member

@giuseppe giuseppe commented Jan 7, 2026

Block the socket() syscall with AF_VSOCK to prevent container escapes via VM sockets.

@github-actions github-actions bot added the common Related to "common" package label Jan 7, 2026
podmanbot pushed a commit to podmanbot/buildah that referenced this pull request Jan 7, 2026
@github-actions
dnm: Vendor changes from containers/container-libs#575
77d6060
@podmanbot podmanbot mentioned this pull request Jan 7, 2026
Closed
@podmanbot
Copy link

podmanbot commented Jan 7, 2026

✅ A new PR has been created in buildah to vendor these changes: containers/buildah#6623

Luap99
Luap99 approved these changes Jan 7, 2026
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

common/pkg/seccomp/default_linux.go
Comment on lines 879 to 893
Names: []string{
"socket",
},
Action: ActAllow,
Args: []*Arg{
{
Index: 0,
Value: unix.AF_NETLINK,
Op: OpNotEqual,
},
},
Excludes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
Copy link
Member

@Luap99 Luap99 Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I don't understand why this is not causing the EPERM to get overwritten by ActAllow here.

But my testing does confirm this patch works as I would expect so it is my lack of understanding the seccomp rules ordering.

@tylerfanelli
Copy link
Member

tylerfanelli commented Jan 7, 2026

The krun runtime uses vsock for VM guest communication. Would this PR conflict with that in any way?

@Luap99
Copy link
Member

Luap99 commented Jan 7, 2026

The krun runtime uses vsock for VM guest communication. Would this PR conflict with that in any way?

yeah I was wondering about that too, I am not familiar with the krun details but taking the profile from this PR still works AFAICT

podman --runtime krun  run --rm --security-opt seccomp=/home/pholzing/go/src/github.com/containers/container-libs/common/pkg/seccomp/seccomp.json  quay.io/libpod/testimage:20241011 uname -a
Linux afe6635da40a 6.12.34 #1 SMP PREEMPT_DYNAMIC Thu Jun 26 12:45:10 CEST 2025 x86_64 Linux

So we should not break krun if that test is good enough? I also checked with a volume mount, is there anything specific to test the vsock communication?

@tylerfanelli
Copy link
Member

tylerfanelli commented Jan 7, 2026
edited
Loading

I can test with other libkrun variants that use vsock more heavily (like libkrun-nitro for AWS Nitro Enclaves, where all outside communication is done through vsock). Would you mind marking this as draft until I'm able to do so?

@Luap99
Copy link
Member

Luap99 commented Jan 7, 2026

the seccomp profile is applied by crun, if it is applied for krun as well I guess we could try to special case it to allow vsock for only that. Or modify the seccomp generation on the podman side so we can create a custom rule per runtime? Of course regardless this would get even more complicated to the already complicated rule syntax.

@giuseppe
Copy link
Member Author

giuseppe commented Jan 7, 2026

Could we open the socket before we apply the seccomp profile? I don't think that krun should depend on this to not be blocked, we need to address it in the runtime

@giuseppe
Copy link
Member Author

giuseppe commented Jan 12, 2026

can we merge?

@mtrmac
Copy link
Contributor

mtrmac commented Jan 12, 2026

@giuseppe what is the path forward for krun? I don’t think we need to block on having that implemented but we should at least have some idea of what we are getting into, and a issue filed somewhere to check/follow up/update.

@giuseppe
Copy link
Member Author

giuseppe commented Jan 12, 2026
edited
Loading

The OCI runtime should be able to work with such seccomp setting. We can apply the filter later, or not apply it (for the runtime itself). It is not realistic to expect that users won't block this syscall because the runtime can't deal with it

mtrmac
mtrmac reviewed Jan 12, 2026
View reviewed changes
@giuseppe
seccomp: block AF_VSOCK sockets
eaec878 
Block the socket() syscall with AF_VSOCK to prevent container escapes
via VM sockets.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe force-pushed the seccomp-block-socket-AF_VSOCK branch from 58c47b9 to eaec878 Compare January 12, 2026 18:21
podmanbot pushed a commit to podmanbot/buildah that referenced this pull request Jan 12, 2026
@github-actions
dnm: Vendor changes from containers/container-libs#575
61c0076
mtrmac
mtrmac approved these changes Jan 12, 2026
View reviewed changes
Copy link
Contributor

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@mtrmac mtrmac merged commit e581e8c into containers:main Jan 12, 2026
17 checks passed
@Luap99 Luap99 mentioned this pull request Jan 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrmac mtrmac mtrmac approved these changes

@Luap99 Luap99 Luap99 approved these changes

Assignees

No one assigned

Labels

common Related to "common" package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@giuseppe @podmanbot @tylerfanelli @Luap99 @mtrmac