diff --git a/profiles/apparmor/profiles/extras/bwrap-userns-restrict b/profiles/apparmor/profiles/extras/bwrap-userns-restrict
index 286131626..9de2afc63 100644
--- a/profiles/apparmor/profiles/extras/bwrap-userns-restrict
+++ b/profiles/apparmor/profiles/extras/bwrap-userns-restrict
@@ -1,17 +1,12 @@
-# This profile allows almost everything and only exists to allow
-# bwrap to work on a system with user namespace restrictions
-# being enforced.
-# bwrap is allowed access to user namespaces and capabilities
-# within the user namespace, but its children do not have
-# capabilities, blocking bwrap from being able to be used to
-# arbitrarily by-pass the user namespace restrictions.
-#
-# Note: the bwrap child is stacked against the bwrap profile due to
-# bwraps use of no-new-privs
+# This profile allows almost everything and only exists to allow bwrap
+# to work on a system with user namespace restrictions being enforced.
+# bwrap is allowed access to user namespaces and capabilities within
+# the user namespace, but its children do not have capabilities,
+# blocking bwrap from being able to be used to arbitrarily by-pass the
+# user namespace restrictions.
 
-# disabled by default as it can break some use cases on a system that
-# doesn't have or has disable user namespace restrictions for unconfined
-# use aa-enforce to enable it
+# Note: the bwrap child is stacked against the bwrap profile due to
+# bwraps use of no-new-privs.
 
 abi ,
 
@@ -19,9 +14,11 @@ include
 
 profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) {
   allow capability,
-  # not allow all, to allow for pix stack
-  # sadly we have to allow m every where to allow children to work under
-  # stacking.
+  # not allow all, to allow for pix stack on systems that don't support
+  # rule priority.
+  #
+  # sadly we have to allow 'm' every where to allow children to work under
+  # profile stacking atm.
   allow file rwlkm /{**,},
   allow network,
   allow unix,
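Review bot: The rewritten header in the first hunk drops the three `-# disabled by default ...` lines that warned the profile is not loaded by default, can break bwrap on hosts that do not enforce user namespace restrictions, and has to be enabled explicitly, and nothing on the new side replaces that guidance. If it is still true for a profile shipped under extras/, an admin enabling it now gets no warning; a line such as `# Note: this profile ships in extras/ and must be enabled explicitly; it may break bwrap use cases on systems that do not enforce user namespace restrictions.` after the no-new-privs note would preserve it. If the removal was deliberate because the old wording was wrong, a one-line pointer to how the profile is meant to be enabled would still help the reader.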
@@ -34,7 +31,23 @@ profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) {
   allow umount,
   allow pivot_root,
   allow dbus,
-  allow px /** -> bwrap//&unpriv_bwrap,
+
+  # stacked like this due to no-new-privs restriction
+  # this will stack a target profile against bwrap and unpriv_bwrap
+  # Ideally
+  # - there would be a transition at userns creation first. This would allow
+  # for the bwrap profile to be tighter, and looser within the user
+  # ns. bwrap will still have to fairly loose until a transition at
+  # namespacing in general (not just user ns) is available.
+  # - there would be an independent second target as fallback
+  # This would allow for select target profiles to be used, and not
+  # necessarily stack the unpriv_bwrap in cases where this is desired
+  #
+  # the ix works here because stack will apply to ix fallback
+  # Ideally we would sanitize the environment across a privilege boundry
+  # (leaving bwarp into application) but flatpak etc use environment glibc
+  # sanitized environment variables as part of the sandbox setup.
+  allow pix /** -> &bwrap//&unpriv_bwrap,
 
   # the local include should not be used without understanding the userns
   # restriction.
@@ -42,6 +55,7 @@ profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) {
   include if exists
 }
 
+# The unpriv_bwrap profile is used to strip capabilities within the userns
 profile unpriv_bwrap flags=(attach_disconnected,mediate_deleted) {
   # not allow all, to allow for pix stack
   allow file rwlkm /{**,},
@@ -57,6 +71,9 @@ profile unpriv_bwrap flags=(attach_disconnected,mediate_deleted) {
   allow pivot_root,
   allow dbus,
 
+  # bwrap profile does stacking against itself this will keep the target
+  # profile from having elevated privileges in the container.
+  # If done recursively the stack will remove any duplicate
   allow pix /** -> &unpriv_bwrap,
   audit deny capability,
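Review bot: The comment block added above `allow pix /** -> &bwrap//&unpriv_bwrap,` carries the security rationale for the transition, but typos and a dropped word make it harder to read than it should be: `# ns. bwrap will still have to fairly loose until a transition at` should be `# ns. bwrap will still have to be fairly loose until a transition at`, `# Ideally we would sanitize the environment across a privilege boundry` should end in `boundary`, and `# (leaving bwarp into application)` should say `bwrap`. It would also help to state outright that the lowercase `pix` (as opposed to an environment-scrubbing `Pix`) is what leaves the environment intact for flatpak, since that is the trade-off the paragraph is justifying; this reading is inferred from the comment, so confirm it matches the intended semantics. The enclosing bwrap profile starts and ends outside this hunk.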
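Review bot: The added `# The unpriv_bwrap profile is used to strip capabilities within the userns` line says what the profile is for but not how it achieves that, which is what someone auditing the sandbox boundary needs to know. Suggest expanding it to `# The unpriv_bwrap profile is stacked against every child bwrap executes so the child loses all capabilities inside the userns (see the audit deny capability rule below)`; the deny rule is visible in a later hunk of this diff, so adjust the reference if it moves. The unpriv_bwrap profile body continues past this hunk.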