google / sandboxed-api

Generate sandboxes for C/C++ libraries automatically
https://developers.google.com/sandboxed-api/
Apache License 2.0

Sandbox2 does not work in Docker Container if it runs without --privileged flag #165

Closed levshukovv closed 1 year ago

levshukovv commented 1 year ago

Hi colleagues!

I want to use sandbox2 inside a docker container. To understand what capabilities I need, I built the tool (sandboxed_api/sandbox2/examples/tool) and want to run it inside the container.

Dockerfile:

```dockerfile
FROM mcr.microsoft.com/devcontainers/cpp:ubuntu-22.04
COPY sandbox2tool sandbox2tool
```

How I tried to run the docker container, and it did not work:

  1. `docker run --cap-add CAP_SYS_ADMIN --cap-add CAP_NET_ADMIN -it sandbox_img /bin/bash`
  2. `docker run --rm -it --cap-add=ALL -it sandbox_img /bin/bash`
  3. `docker run --rm -it --cap-add=ALL --security-opt apparmor=unconfined -it sandbox_img /bin/bash`

Error:

```
root ➜ / $ ./sandbox2tool /bin/sh
[global_forkclient.cc : 121] RAW: Starting global forkserver
[namespace.cc : 353] RAW: Check syscall(__NR_pivot_root, kSandbox2ChrootPath, realroot_path.c_str()) != -1 failed: pivot root: Operation not permitted [1]
[forkserver.cc : 594] RAW: Check TEMP_FAILURE_RETRY(read(fds[1], &unused, 1)) == 1 failed: synchronizing initial namespaces creation: No such file or directory [2]
E1124 11:12:41.759428 57 fork_client.cc:61] Receiving init PID from the ForkServer failed
E1124 11:12:41.759502 57 global_forkclient.cc:276] Global forkserver connection terminated
[global_forkclient.cc : 199] RAW: forkserver (pid=58) terminated by signal 6
E1124 11:12:41.759627 56 sandbox2tool.cc:235] Sandbox failed
E1124 11:12:41.759695 56 sandbox2tool.cc:241] Sandbox error: SETUP_ERROR - Code: FAILED_SUBPROCESS
```

If I run docker image with --privileged flag it works without any issue.

cblichmann commented 1 year ago

Hi there!

For the `pivot_root` syscall itself, you'll need the `CAP_SYS_ADMIN` capability, as you've already figured out. On top of that, Docker also by default applies a seccomp policy, which interferes here. See the docs: `pivot_root` is explicitly disallowed by default.

You can either continue with --privileged (Sandbox2 is the only layer then), or try and add --security-opt seccomp=unconfined to disable seccomp.
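The reply above names two separate gates in front of `pivot_root(2)`: the capability check in the kernel and Docker's default seccomp profile. The following diagnostic is an added example (not code from google/sandboxed-api or from either participant) that tells the two apart from inside a container. It relies on facts a practitioner can verify independently: the kernel's `pivot_root` checks `CAP_SYS_ADMIN` before it looks at either path, so with two non-existent paths an allowed call fails with `ENOENT`, a missing capability fails with `EPERM`, and Docker's default profile returns `EPERM` via `SCMP_ACT_ERRNO` even when the capability is present; `CAP_SYS_ADMIN` is bit 21 of the `CapEff` mask in `/proc/self/status`. The probe paths, the `probe_pivot_root`/`classify_pivot_root` names and the Linux/glibc build environment are assumptions of this example.

```c
// Added example (not part of google/sandboxed-api): tell apart the two reasons
// pivot_root(2) can fail inside a container. The probe calls pivot_root on two
// paths that do not exist, so nothing is ever moved:
//   ENOENT  -> seccomp and capability checks passed, only path lookup failed
//   EPERM   -> either CAP_SYS_ADMIN is missing (kernel) or a seccomp filter
//              denied the call (Docker's default profile uses SCMP_ACT_ERRNO/EPERM)
// Reading CapEff from /proc/self/status separates the last two cases.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_SYS_ADMIN_BIT 21 /* bit index of CAP_SYS_ADMIN in the CapEff mask */

enum pivot_verdict {
  PIVOT_ALLOWED, /* reached path lookup: seccomp and capability checks passed */
  PIVOT_NO_CAP,  /* EPERM and CAP_SYS_ADMIN is not in the effective set */
  PIVOT_SECCOMP, /* EPERM although CAP_SYS_ADMIN is present: a filter denied it */
  PIVOT_OTHER    /* anything else; inspect errno by hand */
};

/* Parse one "CapEff:\t000001ffffffffff" line as found in /proc/self/status.
 * Returns 1 and stores the mask on success, 0 if this is not a CapEff line. */
int parse_cap_eff(const char *line, unsigned long long *mask) {
  static const char prefix[] = "CapEff:";
  if (strncmp(line, prefix, sizeof prefix - 1) != 0) return 0;
  *mask = strtoull(line + sizeof prefix - 1, NULL, 16);
  return 1;
}

/* 1 if capability bit cap_bit is set in mask, else 0. */
int has_cap(unsigned long long mask, int cap_bit) {
  return (int)((mask >> cap_bit) & 1ULL);
}

/* Map the probe outcome (return value and errno of pivot_root on two bogus
 * paths) plus the capability state onto a verdict. Pure, so it is testable. */
enum pivot_verdict classify_pivot_root(int have_sys_admin, int rc, int err) {
  if (rc == 0) return PIVOT_OTHER; /* cannot happen with non-existent paths */
  if (err == ENOENT) return PIVOT_ALLOWED;
  if (err == EPERM) return have_sys_admin ? PIVOT_SECCOMP : PIVOT_NO_CAP;
  return PIVOT_OTHER;
}

/* Effective capability mask of the calling process; 0 if /proc is unreadable. */
unsigned long long read_cap_eff(void) {
  unsigned long long mask = 0;
  char line[256];
  FILE *f = fopen("/proc/self/status", "r");
  if (!f) return 0;
  while (fgets(line, sizeof line, f)) {
    if (parse_cap_eff(line, &mask)) break;
  }
  fclose(f);
  return mask;
}

/* Live probe (assumed paths; deliberately non-existent so nothing is moved). */
enum pivot_verdict probe_pivot_root(int *err_out) {
  int have_sys_admin = has_cap(read_cap_eff(), CAP_SYS_ADMIN_BIT);
  errno = 0;
  int rc = (int)syscall(SYS_pivot_root, "/nonexistent-new-root", "/nonexistent-put-old");
  *err_out = errno;
  return classify_pivot_root(have_sys_admin, rc, *err_out);
}

int main(void) {
  static const char *names[] = {
    "allowed (failed only on path lookup)",
    "blocked: CAP_SYS_ADMIN is not in CapEff; add --cap-add SYS_ADMIN",
    "blocked: EPERM with CAP_SYS_ADMIN present, so a seccomp filter denies "
    "pivot_root; try --security-opt seccomp=unconfined or a custom profile",
    "other result; inspect errno",
  };
  int err = 0;
  enum pivot_verdict v = probe_pivot_root(&err);
  printf("pivot_root probe: errno=%d (%s): %s\n", err, strerror(err), names[v]);
  return 0;
}
```

Build it with `cc -o pivotprobe pivotprobe.c`, copy it into the image the same way `sandbox2tool` is copied above, and run it under each of the three `docker run` variants from the report: the first should report the missing capability, the `--cap-add=ALL` ones should report the seccomp filter, and `--privileged` or `--security-opt seccomp=unconfined` should report "allowed". If keeping Docker's filter as a layer matters more than convenience, the middle ground is a copy of Docker's default profile (`profiles/seccomp/default.json` in the moby repository) with `pivot_root` added to the allow list, passed via `--security-opt seccomp=/path/to/profile.json`; the other calls Sandbox2 needs for its namespaces (`clone` with namespace flags, `unshare`, `mount`) are already granted by that profile once `CAP_SYS_ADMIN` is added, which is why `pivot_root` is the only call that fails in the log above.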

levshukovv commented 1 year ago

Thank you for the so fast reply!