moby/profiles
Albin Kerouanton 891241e7e7
seccomp: block io_uring_* syscalls in default profile
This syncs the seccomp profile with changes made to containerd's default
profile in [1].

The original containerd issue and PR mention:

> Security experts generally believe io_uring to be unsafe. In fact
> Google ChromeOS and Android have turned it off, plus all Google
> production servers turn it off. Based on the blog published by Google
> below it seems like a bunch of vulnerabilities related to io_uring can
> be exploited to break out of the container.
>
> [2]
>
> Other security researchers also hold this opinion: see [3] for a
> blackhat presentation on io_uring exploits.

For the record, these syscalls were added to the allowlist in [4].

[1]: a48ddf4a20
[2]: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
[3]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Lin-bad_io_uring.pdf
[4]: https://github.com/moby/moby/pull/39415

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-02 19:05:47 +01:00
apparmor profiles/apparmor: deny /sys/devices/virtual/powercap 2023-09-18 16:41:03 -06:00
seccomp seccomp: block io_uring_* syscalls in default profile 2023-11-02 19:05:47 +01:00