From 4b242784cab8603d68431a64405e6b9d6b018ae5 Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard <bjorn.neergaard@docker.com>
Date: Mon, 18 Sep 2023 16:40:03 -0600
Subject: [PATCH 1/2] oci/defaults: deny /sys/devices/virtual/powercap

The ability to read these files may offer a power-based sidechannel
attack against any workloads running on the same kernel.

This was originally [CVE-2020-8694][1], which was fixed in
[949dd0104c496fa7c14991a23c03c62e44637e71][2] by restricting read access
to root. However, since many containers run as root, this is not
sufficient for our use case.

While untrusted code should ideally never be run, we can add some
defense in depth here by masking out the device class by default.

[Other mechanisms][3] to access this hardware exist, but they should not
be accessible to a container due to other safeguards in the
kernel/container stack (e.g. capabilities, perf paranoia).

[1]: https://nvd.nist.gov/vuln/detail/CVE-2020-8694
[2]: https://github.com/torvalds/linux/commit/949dd0104c496fa7c14991a23c03c62e44637e71
[3]: https://web.eece.maine.edu/~vweaver/projects/rapl/

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
(cherry picked from commit 83cac3c3e3adcba2ef113b2272f467566c903e0b)
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
---
 oci/defaults.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/oci/defaults.go b/oci/defaults.go
index d593a0e3e9..21e76b9f97 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -105,6 +105,7 @@ func DefaultLinuxSpec() specs.Spec {
 			"/proc/sched_debug",
 			"/proc/scsi",
 			"/sys/firmware",
+			"/sys/devices/virtual/powercap",
 		},
 		ReadonlyPaths: []string{
 			"/proc/bus",

From f0a196bf2282bae4f0d9b2d47754b367e9970ec2 Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard <bjorn.neergaard@docker.com>
Date: Mon, 18 Sep 2023 16:41:03 -0600
Subject: [PATCH 2/2] profiles/apparmor: deny /sys/devices/virtual/powercap

While this is not strictly necessary as the default OCI config masks this
path, it is possible that the user disabled path masking, passed their
own list, or is using a forked (or future) daemon version that has a
modified default config/allows changing the default config.

Add some defense-in-depth by also masking out this problematic hardware
device with the AppArmor LSM.

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
(cherry picked from commit bddd826d7ab083c7815ae23b6857a8c5856e4540)
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
---
 profiles/apparmor/template.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/apparmor/template.go b/profiles/apparmor/template.go
index ed5892a7f6..626e5f6789 100644
--- a/profiles/apparmor/template.go
+++ b/profiles/apparmor/template.go
@@ -49,6 +49,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
   deny /sys/fs/c[^g]*/** wklx,
   deny /sys/fs/cg[^r]*/** wklx,
   deny /sys/firmware/** rwklx,
+  deny /sys/devices/virtual/powercap/** rwklx,
   deny /sys/kernel/security/** rwklx,
 
 {{if ge .Version 208095}}