google / nsjail

A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
https://nsjail.dev
Apache License 2.0
2.85k stars 268 forks

Invalid Argument - clone(flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID) failed #232

Open ndeloney0 opened 2 weeks ago

ndeloney0 commented 2 weeks ago

Hi,

I am trying to run nsjail with a very simple python script and am getting the following:

Mode: STANDALONE_ONCE
[I][2024-06-16T03:25:03+0000] Jail parameters: hostname:'python', chroot:'', process:'python3', bind:[::]:0, max_conns:0, max_conns_per_ip:0, time_limit:900, personality:0, daemonize:false, clone_newnet:false, clone_newuser:true, clone_newns:true, clone_newpid:true, clone_newipc:true, clone_newuts:true, clone_newcgroup:true, clone_newtime:false, keep_caps:false, disable_no_new_privs:false, max_cpus:0
[I][2024-06-16T03:25:03+0000] Mount: '/' flags:MS_RDONLY type:'tmpfs' options:'' dir:true
[I][2024-06-16T03:25:03+0000] Mount: '/' -> '/' flags:MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-16T03:25:03+0000] Mount: '/app' -> '/app' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-16T03:25:03+0000] Mount: '/tmp' -> '/tmp' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-16T03:25:03+0000] Uid map: inside_uid:0 outside_uid:0 count:1 newuidmap:false
[W][2024-06-16T03:25:03+0000][6] logParams():313 Process will be UID/EUID=0 in the global user namespace, and will have user root-level access to files
[I][2024-06-16T03:25:03+0000] Gid map: inside_gid:0 outside_gid:0 count:1 newgidmap:false
[W][2024-06-16T03:25:03+0000][6] logParams():323 Process will be GID/EGID=0 in the global user namespace, and will have group root-level access to files

The last lines seem to be the error:

[W][2024-06-16T03:25:03+0000][6] runChild():491 clone(flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID) failed: Invalid argument
[E][2024-06-16T03:25:03+0000][6] standaloneMode():275 Couldn't launch the child process

I have seen similar issues such as https://github.com/google/nsjail/issues/111 and have tried adding this --disable_clone_newcgroup flag, but it doesn't seem to help. Any advice on how I can proceed?

rohangrg commented 2 weeks ago

I am facing same issue.

okunz commented 2 weeks ago

I couldn't replicate this at the moment on my machine. Can you please post the following:

ndeloney0 commented 2 weeks ago

@okunz Yes, here is the nsjail.cfg:

mode: ONCE
hostname: "python"
time_limit: 900

rlimit_as: 2048
rlimit_cpu: 1000
rlimit_fsize: 1024
rlimit_nofile: 64

# Mounts
mount {
    src: "/"
    dst: "/"
    is_bind: true
    rw: false
}
mount {
    src: "/app"
    dst: "/app"
    is_bind: true
    rw: true
}
mount {
    src: "/tmp"
    dst: "/tmp"
    is_bind: true
    rw: true
}

clone_newnet: false

This is how I am executing the script:

# main.py
import subprocess

result = subprocess.run(
    [
        "nsjail",
        "--config",
        "nsjail.cfg",
        "--",
        "python3",
        "user_script.py",
        "--disable_clone_newcgroup",
        "--verbose",
    ],
    capture_output=True,
    text=True,
)

And this is the full log output after adding --verbose:

[I][2024-06-17T14:01:35+0000] Mode: STANDALONE_ONCE
[I][2024-06-17T14:01:35+0000] Jail parameters: hostname:'python', chroot:'', process:'python3', bind:[::]:0, max_conns:0, max_conns_per_ip:0, time_limit:900, personality:0, daemonize:false, clone_newnet:false, clone_newuser:true, clone_newns:true, clone_newpid:true, clone_newipc:true, clone_newuts:true, clone_newcgroup:true, clone_newtime:false, keep_caps:false, disable_no_new_privs:false, max_cpus:0
[I][2024-06-17T14:01:35+0000] Mount: '/' flags:MS_RDONLY type:'tmpfs' options:'' dir:true
[I][2024-06-17T14:01:35+0000] Mount: '/' -> '/' flags:MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-17T14:01:35+0000] Mount: '/app' -> '/app' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-17T14:01:35+0000] Mount: '/tmp' -> '/tmp' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' dir:true
[I][2024-06-17T14:01:35+0000] Uid map: inside_uid:0 outside_uid:0 count:1 newuidmap:false
[W][2024-06-17T14:01:35+0000][6] logParams():313 Process will be UID/EUID=0 in the global user namespace, and will have user root-level access to files
[I][2024-06-17T14:01:35+0000] Gid map: inside_gid:0 outside_gid:0 count:1 newgidmap:false
[W][2024-06-17T14:01:35+0000][6] logParams():323 Process will be GID/EGID=0 in the global user namespace, and will have group root-level access to files
[W][2024-06-17T14:01:35+0000][6] runChild():491 clone(flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID) failed: Invalid argument
[E][2024-06-17T14:01:35+0000][6] standaloneMode():275 Couldn't launch the child process

okunz commented 2 weeks ago

Your log output shows that something is wrong with how you invoke the nsjail. Have you tried it out by running nsjail directly on the cmdline? I suggest you try both, with the config file and if that doesn't work then also by using the cmdline args (to ensure it's not also related to #229).

okunz commented 2 weeks ago

Check out my response to #229. The default config values might be different when using --config.

In addition, you need to pass the parameters for nsjail before the -- which is the separator after which the passed options are treated as args for the sandboxee binary. In your case, the last two args would be considered args you pass to python3.

Further, you likely have to specify the full path of the binaries, both for nsjail and for python3 in your example.

With the points mentioned above, I could not replicate the issue that you report. I think for your debugging, try to find out what argument is reported as invalid.
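As an added example (not nsjail's own code and not from anyone in this thread), here is how the subprocess call from main.py above can be assembled so that the nsjail options stay on the nsjail side of the "--" separator and both binaries are given as absolute paths, with a check that reports nsjail options which ended up after the separator (and would therefore be handed to python3), plus a helper that pulls the clone() flags and the error text out of nsjail's log so the argument reported as invalid can be located. Everything here is an assumption of mine: the function names build_nsjail_argv, split_argv, misplaced_options, clone_failure and run_sandboxed, the sample log string (constructed from the output pasted above), the partial set of nsjail long options (the ones used in this thread plus a few from nsjail --help), and that nsjail's log arrives on the captured stderr. The config-versus-command-line default differences mentioned with #229 are not modelled.

```python
# Added example, not code from the nsjail project or from this thread.
# Builds an nsjail argv with nsjail's options before "--" and only the
# sandboxee command after it, detects options on the wrong side, and
# extracts the clone() failure line from nsjail's log output.
import re
import shutil
import subprocess
from typing import List, Optional, Sequence, Tuple

SEPARATOR = "--"

# Partial, assumed list: the options used in this thread plus a few from
# `nsjail --help`. Extend it for the options you actually use.
KNOWN_NSJAIL_OPTIONS = {
    "--config", "--verbose", "--quiet", "--chroot", "--time_limit",
    "--disable_clone_newcgroup", "--disable_clone_newnet",
    "--disable_clone_newuser", "--disable_clone_newns",
    "--disable_clone_newpid", "--disable_clone_newipc",
    "--disable_clone_newuts",
}

# Constructed sample, copied from the log pasted earlier in this thread,
# kept JSON-escaped (literal backslash-n) the way it was captured.
SAMPLE_LOG = (
    "[W][2024-06-17T14:01:35+0000][6] runChild():491 clone(flags=CLONE_NEWNS|"
    "CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID) "
    "failed: Invalid argument\\n[E][2024-06-17T14:01:35+0000][6] "
    "standaloneMode():275 Couldn't launch the child process\\n"
)


def build_nsjail_argv(config: str, nsjail_opts: Sequence[str],
                      sandboxee: Sequence[str],
                      nsjail_bin: Optional[str] = None) -> List[str]:
    """Return [nsjail, --config, cfg, opts..., --, /abs/prog, args...].

    nsjail_bin is resolved via PATH when not given; the sandboxee program is
    resolved via PATH unless it is already absolute. "--" is rejected inside
    nsjail_opts because it is the option/sandboxee separator.
    """
    nsjail_path = nsjail_bin or shutil.which("nsjail")
    if nsjail_path is None:
        raise FileNotFoundError("nsjail not on PATH; pass nsjail_bin explicitly")
    if SEPARATOR in nsjail_opts:
        raise ValueError('"--" is the separator; do not pass it as an nsjail option')
    prog, *prog_args = sandboxee
    prog_path = prog if prog.startswith("/") else shutil.which(prog)
    if prog_path is None:
        raise FileNotFoundError(f"{prog!r} not on PATH; give an absolute path")
    return [nsjail_path, "--config", config, *nsjail_opts,
            SEPARATOR, prog_path, *prog_args]


def split_argv(argv: Sequence[str]) -> Tuple[List[str], List[str]]:
    """Split argv at the first "--" into (nsjail side, sandboxee side)."""
    argv = list(argv)
    if SEPARATOR not in argv:
        return argv, []
    i = argv.index(SEPARATOR)
    return argv[:i], argv[i + 1:]


def misplaced_options(argv: Sequence[str]) -> List[str]:
    """nsjail options sitting after "--", i.e. handed to the sandboxee."""
    _, sandboxee_side = split_argv(argv)
    return [a for a in sandboxee_side if a in KNOWN_NSJAIL_OPTIONS]


# Matches "clone(flags=A|B|C) failed: <reason>" and stops at either a real
# newline or the literal backslash of a JSON-escaped "\n".
CLONE_FAILURE = re.compile(r"clone\(flags=([A-Z_|]+)\) failed: ([^\n\\]+)")


def clone_failure(log: str) -> Optional[Tuple[List[str], str]]:
    """Return (list of CLONE_* flags, error text) from an nsjail log, or None."""
    m = CLONE_FAILURE.search(log)
    if m is None:
        return None
    return m.group(1).split("|"), m.group(2).strip()


def run_sandboxed(argv: Sequence[str]) -> subprocess.CompletedProcess:
    """Refuse to run with misplaced options; otherwise run nsjail and capture output."""
    bad = misplaced_options(argv)
    if bad:
        raise ValueError(f"nsjail options after '--' would go to the sandboxee: {bad}")
    return subprocess.run(list(argv), capture_output=True, text=True)


if __name__ == "__main__":
    argv = build_nsjail_argv("nsjail.cfg",
                             ["--disable_clone_newcgroup", "--verbose"],
                             ["python3", "user_script.py"])
    result = run_sandboxed(argv)
    failure = clone_failure(result.stderr)  # log assumed to be on stderr
    if failure:
        flags, reason = failure
        print("clone() failed with", reason, "for flags", flags)
```

With the invocation from main.py above, misplaced_options reports --disable_clone_newcgroup and --verbose, which is why the flag appeared to have no effect: it never reached nsjail. clone_failure is only a way to surface the failing flag set from a captured log; which of the CLONE_* flags the kernel rejects still has to be narrowed down by running nsjail directly on the command line, as suggested above.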