[apparmor] How extensively does AppArmor lock down Docker containers?

Jessie Frazelle me at jessfraz.com
Mon Oct 24 20:36:26 UTC 2016


You are correct. The Apparmor profile is a bit different than how SELinux works
with regard to the defaults for Docker. I am a bit more familiar with
the Apparmor implementation than the SELinux one.

>
> We are evaluating moving from CentOS/SELinux/Docker to
> Ubuntu/AppArmor/Docker and had a question regarding AppArmor.
>
> Docker's SELinux policy specifically uses Multi Category Security (MCS) to
> enforce that each individual container on a system can only access the
> files on the host labeled for that specific container (more details: article
> <https://opensource.com/business/14/9/security-for-docker>, presentation
> <https://www.youtube.com/watch?v=a9lE9Urr6AQ>). That is, if two Docker
> containers A and B are spun up on a single host, the default SELinux
> security policy that comes with Docker will actually enforce that in the
> event of a breakout, the linux process in container A will not be able to
> access the files belonging to container B. 

This is interesting. In the account of a breakout from a container that
would have to involve privilege escalation. I'm unsure how SELinux is
able to make this guarantee. If you have sufficiently escalated your
privilege then you can also override any SELinux labels applied to
certain files.

I am a bit confused as to how they are able to guarantee this given
a breakout from a container. The only 100% guarantee that you can avoid
this would be to use a VM, but then even if you break out of the VM with
an RCE then you would be faced with the same problem.

> Not only that, but the only way
> files can be mounted into a container from the host is if the volumes are
> suffixed with ":Z", thus telling Docker to make sure to add the relevant
> MCS labels to the files on the host in that path so that the container can
> access them.
>
> On the contrary, I cannot find any references to a similar mechanism in
> AppArmor. Instead, Docker's default AppArmor profile
> <https://docs.docker.com/engine/security/apparmor/> seems to primarily be
> about denying access to specific filesystem paths and host resources, not
> about denying access between containers.

Yes, this is correct. The main point of the Apparmor profile, seccomp
profiles, etc. are to lessen the possibility of a container breakout.
_If_ you happen to break out, there is not much any LSM can do. This is
why we actively deny things like ptrace that have a long-standing
reputation of being a risk for vulns.


> My question is, if we use Docker's default AppArmor profile, will we get
> the same effective protection as using SELinux as described above? Will
> AppArmor block access from one container to another container's files? If
> yes, how does it accomplish it?

Yes, it will mostly because SELinux cannot have those guarantees either.
Depending on the type of priv escalation to break out of a container, there
is not much anyone can do to stop you. The goal of the LSM support in
Docker is to minimize the possibility of a breakout (see:
https://github.com/docker/docker.github.io/blob/master/engine/security/non-events.md
).

Hopefully this helps.

Best, 

Jess

>
> --
> Sam

-- 

Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
https://pgp.mit.edu/pks/lookup?op=get&search=0x18F3685C0022BFF3
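The MCS category check that Sam describes (each container gets its own category pair, and ":Z" stamps that pair onto the mounted files) modelled as an added Python example; this is not code from the thread or from Docker. The container labels, host file label and file type names are constructed; the level-dominance rule follows the SELinux MCS policy, and the ":Z"/":z" behaviour follows Docker's volume options.

```python
"""Model of the SELinux MCS check behind Docker's per-container file isolation."""
import re


def parse_level(level):
    """'s0:c12,c34' -> (0, {12, 34}); 's0' -> (0, set()); ranges like c0.c1023 expand."""
    m = re.fullmatch(r"s(\d+)(?::c(.+))?", level)
    if not m:
        raise ValueError(f"bad MCS level: {level!r}")
    cats = set()
    for part in (m.group(2) or "").split(","):
        if part:
            lo, _, hi = part.partition(".")  # 'c0.c1023' is an inclusive range
            lo = int(lo.lstrip("c"))
            hi = int(hi.lstrip("c")) if hi else lo
            cats.update(range(lo, hi + 1))
    return int(m.group(1)), frozenset(cats)


def parse_context(ctx):
    """'user:role:type:level' -> (type, level); the level itself may contain ':'."""
    _user, _role, typ, level = ctx.split(":", 3)
    return typ, parse_level(level)


def mcs_allows(proc_ctx, file_ctx):
    """MCS constraint for file read/write: the process level must dominate the file
    level (same or higher sensitivity, category set a superset of the file's).
    Type enforcement is a separate check that is not modelled here."""
    _, (ps, pc) = parse_context(proc_ctx)
    _, (fs, fc) = parse_context(file_ctx)
    return ps >= fs and pc >= fc


def relabel_volume(file_ctx, container_ctx, flag):
    """Model 'docker run -v host:ctr:Z' (private) and ':z' (shared). Both switch the
    type to the sandbox file type (constructed name; newer policies use
    container_file_t); ':Z' copies the container's level, ':z' uses the shared s0."""
    user, role, _typ, _level = file_ctx.split(":", 3)
    if flag == "Z":
        level = container_ctx.split(":", 3)[3]
    elif flag == "z":
        level = "s0"
    else:
        raise ValueError("flag must be 'Z' or 'z'")
    return f"{user}:{role}:svirt_sandbox_file_t:{level}"


# Constructed labels: Docker picks a random category pair per container.
CONTAINER_A = "system_u:system_r:svirt_lxc_net_t:s0:c12,c34"
CONTAINER_B = "system_u:system_r:svirt_lxc_net_t:s0:c56,c78"
HOST_FILE = "unconfined_u:object_r:user_home_t:s0"


def demo():
    """Container B cannot reach A's ':Z' volume, but both can use a ':z' volume."""
    private = relabel_volume(HOST_FILE, CONTAINER_A, "Z")
    shared = relabel_volume(HOST_FILE, CONTAINER_A, "z")
    return {"A_reads_own_Z": mcs_allows(CONTAINER_A, private),
            "B_reads_A_Z": mcs_allows(CONTAINER_B, private),
            "B_reads_z": mcs_allows(CONTAINER_B, shared)}
```

The check is enforced by the kernel on the process's label, which is why a breakout that stays under the container's label still cannot touch another container's ":Z" files, whereas an escape to an unconfined label (all categories) would.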
