fix(supervisor): tolerate non-empty bounding set when CAP_SETPCAP is unavailable#2075
fix(supervisor): tolerate non-empty bounding set when CAP_SETPCAP is unavailable#2075waynesun09 wants to merge 2 commits into
Conversation
|
All contributors have signed the DCO ✍️ ✅ |
|
I have read the DCO document and I hereby sign the DCO. |
|
recheck |
|
Few points of note:
|
…unavailable On rootless Podman with AppArmor unprivileged user namespace restrictions (Ubuntu 24.04 default), CAP_SETPCAP is granted by Podman but blocked at the kernel level by AppArmor. This causes drop_capability_bounding_set() to fail with EPERM while the bounding set is non-empty — a case that was unhandled, crashing sandbox creation. Add a match arm that logs a warning and continues when EPERM is returned with a non-empty bounding set. The child process is still confined by seccomp. Add a parent-side OCSF DetectionFinding alert (log_capability_bounding_set_readiness) emitted before fork, following the same pattern as Landlock's log_sandbox_readiness(). This ensures the degraded confinement posture appears in structured security telemetry. Fixes: NVIDIA#2069 Signed-off-by: Wayne Sun <gsun@redhat.com>
7320552 to
1dc253d
Compare
|
/ok to test 1dc253d |
1dc253d to
ad6106c
Compare
Run supervisor capability unit tests on a bare GHA ubuntu-24.04 runner as an unprivileged user, where CAP_SETPCAP is unavailable and the bounding set is non-empty. This exercises the EPERM + non-empty path that caused the NVIDIA#2069 crash. Update architecture/sandbox.md to describe the degraded rootless mode and its reliance on seccomp when the bounding set cannot be cleared. Refs: NVIDIA#2069 Signed-off-by: Wayne Sun <gsun@redhat.com>
ad6106c to
3f95d51
Compare
|
/ok to test 3f95d51 |
|
The new OCSF degraded-mode alert may not fire. The parent-side probe returns early if Could we make the readiness probe test the actual bounding-set clear behavior ? |
Summary
When running under rootless Podman (or any container runtime that drops
CAP_SETPCAP),cap_drop_bound()returnsEPERMfor every capability still in the bounding set. Since v0.0.73 this is fatal — the supervisor crashes on sandbox startup, breaking all rootless Podman deployments.This PR adds a third match arm to
validate_capability_bounding_set_clear()that toleratesEPERMwhen the bounding set is non-empty, logging a warning instead of returning an error. The sandbox still relies on seccomp and Landlock for confinement in this case.Related Issue
Fixes #2069
Changes
crates/openshell-supervisor-process/src/process.rs:EPERM+ non-empty bounding set tolerance branch between the existingEPERM+ empty (success) and catch-all (error) armswarnfromtracingcapability_bounding_set_clear_tolerates_nonempty_epermtest to assertis_ok()instead ofis_err()drop_privileges_succeeds_for_current_grouptest — remove conditionalcfg(target_os)branching.github/workflows/branch-checks.yml: Addrootless-capsCI job that runs supervisor capability tests as a non-root user withoutCAP_SETPCAPonubuntu-24.04Local Build & Test
Built and tested the fix locally before pushing:
aarch64-unknown-linux-muslbinary inside arust:1.95-bookwormPodman container (macOS host cannot build Linux-only deps:capctl,landlock,seccompiler)localhost/openshell-supervisor:fix-2069viaDockerfile.supervisorsupervisor_image = "localhost/openshell-supervisor:fix-2069"ingateway.toml)Phase: Readywith the expected warning:Testing
cargo test -p openshell-supervisor-process --lib -- capability_bounding drop_privilegespassesChecklist