containers / podman-desktop

Podman Desktop - A graphical tool for developing on containers and Kubernetes
https://podman-desktop.io
Apache License 2.0

Limit which directories are exposed to Podman machine #3311

Open Krinkle opened 1 year ago

Krinkle commented 1 year ago

Is your enhancement related to a problem? Please describe

For security reasons, I'd like to centrally configure which directories are exposed to the Podman machine. This way, when using scripts that indirectly invoke podman or docker with mount parameters, I know that only the directories I've configured can be exposed and mounted, and not anything from anywhere on the file system.

Describe the solution you'd like

Docker Desktop solves it as follows:

Describe alternatives you've considered

No response

Additional context

No response

afbjorklund commented 1 year ago

The default volumes for podman machine init are listed in containers.conf in the podman configuration

It used to be empty (no volumes), but now it exports all of your home directory ($HOME) by default

https://docs.podman.io/en/latest/markdown/podman-machine-init.1.html

# Host directories to be mounted as volumes into the VM by default.
# Environment variables like $HOME as well as complete paths are supported for
# the source and destination. An optional third field `:ro` can be used to
# tell the container engines to mount the volume readonly.
#
#volumes = [
#  "$HOME:$HOME",
#]

EDIT: The documentation only reflects the Linux configuration, not Mac or Windows.

// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
func getDefaultMachineVolumes() []string {
        return []string{"$HOME:$HOME"}
}

Krinkle commented 1 year ago

@afbjorklund Is there a way, within Podman Desktop (or, perhaps, as a temporary workaround, via the CLI), to change the podman machine that I have so as to narrow the exposure to only specific parts of my home directory?

The workloads I use Podman for require no identification or authorization of sensitive data. Hence, I'd rather not have private files like ~/.gnupg or ~/.ssh be readable to random containers. Likewise, when locations like ~/bin/ or ~/.bashrc are writable, that creates all sorts of easily exploited and deeply impacting attack scenarios (Blog post).

At least ~/Documents/ and ~/Photos/ are protected by default via macOS' app sandbox (assuming the developer hasn't granted Full Disk Access, or previously accepted a permission prompt for those directories). But I'd rather not have these among the mountable directories in the first place.
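As an added example (not code from this issue, from Podman, or from the Podman Desktop project), here is a host-side guard for the scenario in the opening post and in the comment above: scripts that call podman with mount flags, where only a configured set of directories should ever reach a container. It is a hypothetical wrapper, podman-guard, that canonicalises the host source of every -v/--volume and --mount flag (following symlinks and resolving ..), refuses the invocation when a source falls outside the colon-separated ALLOWED_MOUNT_ROOTS list, and otherwise execs the real binary. The allowlist contents, the wrapper name, the REAL_PODMAN path and the sample paths are assumptions. It does not shrink what the machine VM itself can see (that is fixed at podman machine init time, as discussed later in the thread); it only checks what a command line asks to mount, so it should mirror the --volume set the machine was created with.

```shell
#!/usr/bin/env bash
# podman-guard (hypothetical name): refuse to run podman when any bind-mount
# source in the argument list lies outside an allowlist of host directories.
# Install as "podman-guard" early in PATH and point scripts at it.
set -u

# Colon-separated allowlist of host directories (constructed defaults; match
# them to the --volume set given to "podman machine init").
ALLOWED_MOUNT_ROOTS="${ALLOWED_MOUNT_ROOTS:-$HOME/Projects:$HOME/.cache/podman-scratch}"

# canon PATH: resolve symlinks and ".." through the deepest existing directory,
# so "~/Projects/../.ssh" and "~/Projects/link-to-ssh" both compare as "~/.ssh".
canon() {
  local p=$1 rest=""
  while [ ! -d "$p" ]; do
    rest="/$(basename -- "$p")$rest"
    p=$(dirname -- "$p")
  done
  printf '%s%s\n' "$(cd -- "$p" && pwd -P)" "$rest"
}

# is_allowed PATH: 0 when the canonical path equals or lies below an allowed root.
is_allowed() {
  local src root
  src=$(canon "$1")
  case "$src" in
    */..|*/../*) return 1 ;;   # ".." survived under a non-existent parent: refuse
    /*) ;;
    *) return 1 ;;             # relative paths never pass
  esac
  local IFS=:
  for root in $ALLOWED_MOUNT_ROOTS; do
    root=$(canon "$root")
    [ "$src" = "$root" ] && return 0
    case "$src" in "$root"/*) return 0 ;; esac
  done
  return 1
}

# host_path_only ARG: print ARG only when it names a host path, not a
# named volume ("mydata") or an anonymous volume.
host_path_only() {
  case "$1" in */*|.*|~*) printf '%s\n' "$1" ;; esac
}

# volume_source SPEC: "-v SRC:DST[:opts]" gives SRC; a bare "DST" is anonymous.
volume_source() {
  case "$1" in *:*) host_path_only "${1%%:*}" ;; esac
}

# mount_source SPEC: "--mount" is comma-separated key=value; take source= or src=.
mount_source() {
  local IFS=, kv
  for kv in $1; do
    case "$kv" in source=*|src=*) host_path_only "${kv#*=}"; return 0 ;; esac
  done
  return 0
}

# mount_sources ARGS...: print one host-side bind-mount source per line.
mount_sources() {
  local src
  while [ $# -gt 0 ]; do
    case "$1" in
      -v|--volume) src=$(volume_source "${2-}"); shift $(( $# > 1 ? 2 : 1 )) ;;
      --volume=*)  src=$(volume_source "${1#--volume=}"); shift ;;
      --mount)     src=$(mount_source "${2-}"); shift $(( $# > 1 ? 2 : 1 )) ;;
      --mount=*)   src=$(mount_source "${1#--mount=}"); shift ;;
      *)           src=""; shift ;;
    esac
    if [ -n "$src" ]; then printf '%s\n' "$src"; fi
  done
}

# check_args ARGS...: 0 when every bind-mount source is allowlisted, 1 otherwise.
check_args() {
  local src rc=0
  while IFS= read -r src; do
    [ -n "$src" ] || continue
    if ! is_allowed "$src"; then
      printf 'podman-guard: refusing host path outside allowlist: %s\n' "$src" >&2
      rc=1
    fi
  done <<EOF
$(mount_sources "$@")
EOF
  return "$rc"
}

# Enforce and hand over only when installed under the wrapper name, so the
# functions above can also be sourced by other scripts.
if [ "${0##*/}" = "podman-guard" ]; then
  check_args "$@" || exit 1
  exec "${REAL_PODMAN:-/usr/bin/podman}" "$@"   # assumption: location of the real binary
fi
```

The canonicalisation step is what makes the check meaningful: a naive prefix test on the literal argument would accept ~/Projects/../.ssh or a symlink planted inside an allowed directory, both of which land on the private directory mentioned above. Named and anonymous volumes are passed through untouched because they do not expose host paths. The guard is only as good as the process that invokes it, so it complements, rather than replaces, restricting the machine's own --volume list at creation time.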

afbjorklund commented 1 year ago

I think you have to use the CLI, there is no --volume parameter in the GUI.

afbjorklund commented 1 year ago

As a side note, if you are using the Lima extension and didn't read through the YAML files when you had the chance...

$ limactl start --name=podman template://podman
? Creating an instance "podman"  [Use arrows to move, type to filter]
> Proceed with the current configuration
  Open an editor to review or modify the current configuration
  Choose another example (docker, podman, archlinux, fedora, ...)
  Exit

... it also mounts your home directory into the virtual machine, the only difference is that it is read-only by default:

mounts:
- location: "~"
- location: "/tmp/lima"
  writable: true

benoitf commented 1 year ago

podman machine now allows customizing these folders, but only at creation time of the Podman Machine.

Will check if RFE is possible in podman project to be able to also change it after it's created.

on macOS, defaults will be [/Users:/Users,/private:/private,/var/folders:/var/folders]

we could add a setting in Podman Desktop but it would work for now only at creation time

Lotusshaney commented 1 year ago

I think implementing a requester as shown in docker desktop is the way to go. Just warn the user that you need to rebuild the default VM and then do it for them

thecb4 commented 7 months ago

Any news on when this would be picked up?

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had activity in the last 6 months. It will be closed in 30 days if no further activity occurs. Please feel free to leave a comment if you believe the issue is still relevant. Thank you for your contributions!

Krinkle commented 1 month ago

(RE: Automatic stale tag.)

As of Podman Machine v1.11.1, there does not yet appear to be anything in the GUI to restrict which directories are visible, and thus prevent exposing sensitive directories to Podman-run containers.