[apparmor] How extensively does AppArmor lock down Docker containers?

Tue Oct 25 17:17:33 UTC 2016

On Mon, 2016-10-24 at 11:43 -0700, John Johansen wrote:
> On 10/23/2016 04:26 PM, Sam Ghods wrote:
> > 
> > We are evaluating moving from CentOS/SELinux/Docker to
> > Ubuntu/AppArmor/Docker and had a question regarding AppArmor.
> > 
> > Docker's SELinux policy specifically uses Multi Category Security (MCS) to
> > enforce that each individual container on a system can only access the files
> > on the host labeled for that specific container (more details: article <http
> > s://opensource.com/business/14/9/security-for-docker>, presentation
> > <https://www.youtube.com/watch?v=a9lE9Urr6AQ>). That is, if two Docker
> > containers A and B are spun up on a single host, the default SELinux
> > security policy that comes with Docker will actually enforce that in the
> > event of a breakout, the linux process in container A will not be able to
> > access the files belonging to container B. Not only that, but the only way
> > files can be mounted into a container from the host is if the volumes are
> > suffixed with ":Z", thus telling Docker to make sure to add the relevant MCS
> > labels to the files on the host in that path so that the container can
> > access them.
> > 
> > On the contrary, I cannot find any references to a similar mechanism in
> > AppArmor. Instead, Docker's default AppArmor profile <https://docs.docker.co
> > m/engine/security/apparmor/> seems to primarily be about denying access to
> > specific filesystem paths and host resources, not about denying access
> > between containers.
> > 
> > My question is, if we use Docker's default AppArmor profile, will we get the
> > same effective protection as using SELinux as described above? Will AppArmor
> > block access from one container to another container's files? If yes, how
> > does it accomplish it?
> > 
> I am unfamiliar with what Docker is doing with AppArmor so take the following
> with a large grain of salt.
> 
> From the default profile and very limited looking I would say no, Docker's use
> of apparmor is not protection one container from another.
> 
> There are a few ways to achieve this in apparmor, libvirt and lxc use per
> container generated profiles so that paths can be rewritten and each
> container/domain gets its own unique profile.
> 
> Another approach that could be used would be policy namespaces and variables
> to provide something more akin (but definitely not MCS) to the MCS that
> selinux is doing. In this approach you have a single base profile and load it
> to a unique policy namespace for each container. The variables need to be set
> to the correct paths on a per container basis.

To add to this: until Docker supports per-container profiles for AppArmor like
libvirt and lxd do, you can define your own profiles outside of Docker and then
use --security-opt to specify that the container should be run under that
profile. This has a nice property that you can tailor the profile for the
container, but the downside is you are managing it outside of Docker itself.

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161025/c40693f1/attachment.pgp>