microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Feature Request: AppArmor, Seccomp profiles, and capability dropping support #1232

Open tylersalminen opened 1 month ago

tylersalminen commented 1 month ago

Is your feature request related to a problem? Please describe.
Improve zero day exploit protections for containers running untrusted code

Describe the solution you'd like.
Ability to provide AppArmor profiles, Seccomp profiles, and capabilities to drop per container in a revision

Describe alternatives you've considered.
- AKS: https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-kubernetes-service-security-deep-dive-part-2-apparmor-and/ba-p/3013977
- Docker daemon has AppArmor security profile options: https://docs.docker.com/engine/security/apparmor/
- Docker daemon has seccomp security profile options: https://docs.docker.com/engine/security/seccomp/

Additional context.
In order to provide better zero-day exploit protection for our running application containers when running untrusted code, we would like to implement certain Linux kernel security features like AppArmor and seccomp profiles that are similarly implemented in the Docker daemon and AKS.

simonjj commented 1 month ago

Thank you @tylersalminen for raising this. It's an interesting request; can you please explain further? ACA hosts never allow you to run as root. Also, we have a building block for untrusted code which is called Dynamic Sessions. Seccomp and AppArmor usually require root on the host.

tylersalminen commented 1 month ago

Basically, I would like to be able to provide AppArmor and seccomp profiles to a container when editing one within a revision (see image below). Specifically, a way to reference files from, for example, maybe an Azure Files store (that way I can update them within my CD pipeline).

image

My specific use case is that we host a pretty complex web application in Azure Container Apps that contains many disparate dependencies that increase the potential attack surface of our container. Being able to define these profiles would help to reduce that attack surface. In our CD pipeline we use the docker-slim GitHub Action to remove unnecessary dependencies and binaries included from the base image we pull from Docker Hub. This GitHub Action can also produce AppArmor and seccomp profiles to further harden our container, but we are currently unable to use them in Azure Container Apps. However, we would like to avoid migrating to a more complex service like AKS just for the ability to define these profiles.
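For comparison, this is what the AKS alternative mentioned in the thread looks like when all three controls (seccomp profile, AppArmor profile, capability dropping) are applied to one container in a pod spec. It is an added example, not from the azure-container-apps project; the image name, the profile names and the `profiles/web.json` path are placeholders, and the `appArmorProfile` field assumes Kubernetes 1.30 or newer (older clusters use the `container.apparmor.security.beta.kubernetes.io/<container>` annotation instead).

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hardened-web
spec:
  securityContext:
    runAsNonRoot: true
    # Seccomp profile read by the kubelet from its local seccomp root,
    # i.e. /var/lib/kubelet/seccomp/profiles/web.json on every node
    # (placeholder path; the file would be the JSON a tool such as
    # docker-slim generates, distributed to the nodes beforehand).
    # Use "type: RuntimeDefault" to fall back to the runtime's default profile.
    seccompProfile:
      type: Localhost
      localhostProfile: profiles/web.json
  containers:
    - name: web
      image: registry.example.invalid/web:1.0   # placeholder image reference
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        # Drop every Linux capability; add back only what the workload needs
        # (nothing here, since the app listens on an unprivileged port).
        capabilities:
          drop: ["ALL"]
        # AppArmor profile that must already be loaded on the node
        # (placeholder name; Kubernetes 1.30+ field).
        appArmorProfile:
          type: Localhost
          localhostProfile: web-deny-write
```

The seccomp and AppArmor profile files have to exist on the node before the pod is scheduled, which is exactly the per-node distribution step a managed platform would need to take over for this request.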