Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Fails to Load Seccomp Profile: Assumes File Contents are the Seccomp Profile #12760

Closed
3 tasks done
Alexhuszagh opened this issue Jun 4, 2022 · 2 comments
Closed
3 tasks done

Docker Fails to Load Seccomp Profile: Assumes File Contents are the Seccomp Profile #12760

Alexhuszagh opened this issue Jun 4, 2022 · 2 comments
Labels
lifecycle/locked lifecycle/stale

Comments

@Alexhuszagh
Copy link

Alexhuszagh commented Jun 4, 2022
edited
Loading

  • I have tried with the latest version of Docker Desktop
  • I have tried disabling enabled experimental features
  • I have uploaded Diagnostics

Actual behavior

If running a docker command with a custom seccomp profile, and it reads the JSON profile as if it was the filename. An example (with the seccomp profile pasted below) is provided in steps to reproduce the behavior below.

Expected behavior

It should load the seccomp profile from the filename after passing, rather than open and read the contents, and then assume this is the profile filename. This works differently than Docker on WSL2, Docker on Linux, and Podman. I'm using the default Ubuntu 20.04 image, to show the image doesn't matter.

Information

  • Is it reproducible? Yes
  • Windows Version: Windows 10 Home, 19044.1706
  • Docker Desktop Version: Docker version 20.10.16, build aa7e414
  • WSL2 or Hyper-V backend? WSL2
  • Are you running inside a virtualized Windows e.g. on a cloud server or a VM: No

Output of & "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" check

Diagnostics Ouput:

[PASS] DD0027: is there available disk space on the host?
[PASS] DD0028: is there available VM disk space?
[PASS] DD0031: does the Docker API work?
[PASS] DD0004: is the Docker engine running?
[PASS] DD0011: are the LinuxKit services running?
[PASS] DD0016: is the LinuxKit VM running?
[PASS] DD0001: is the application running?
[SKIP] DD0018: does the host support virtualization?
[PASS] DD0002: does the bootloader have virtualization enabled?
[PASS] DD0017: can a VM be started?
[PASS] DD0024: is WSL installed?
[PASS] DD0021: is the WSL 2 Windows Feature enabled?
[PASS] DD0022: is the Virtual Machine Platform Windows Feature enabled?
[PASS] DD0025: are WSL distros installed?
[PASS] DD0026: is the WSL LxssManager service running?
[PASS] DD0029: is the WSL 2 Linux filesystem corrupt?
[PASS] DD0035: is the VM time synchronized?
[PASS] DD0015: are the binary symlinks installed?
[PASS] DD0003: is the Docker CLI working?
[PASS] DD0013: is the $PATH ok?
[PASS] DD0005: is the user in the docker-users group?
[PASS] DD0007: is the backend responding?
[PASS] DD0014: are the backend processes running?
[PASS] DD0008: is the native API responding?
[PASS] DD0009: is the vpnkit API responding?
[PASS] DD0010: is the Docker API proxy responding?
[PASS] DD0006: is the Docker Desktop Service responding?
[PASS] DD0012: is the VM networking working?
[PASS] DD0032: do Docker networks overlap with host IPs?
[SKIP] DD0030: is the image access management authorized?
[PASS] DD0033: does the host have Internet access?
No fatal errors detected.

Steps to reproduce the behavior

The command:

> docker run -it --rm --security-opt seccomp=path\to\seccomp\profile.json ubuntu:20.04 bash
Unable to find image 'ubuntu:20.04' locally
d5fd17ec1767: Already exists
53df61775e88: Download complete
docker: Error response from daemon: container create: opening seccomp profile failed: open {"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"names":["add_key","get_kernel_syms","keyctl","move_pages","nfsservctl","perf_event_open","pivot_root","query_module","request_key","sysfs","_sysctl","uselib","userfaultfd","ustat"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["acct"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_PACCT"]}},{"names":["bpf","lookup_dcookie","mount","quotactl","quotactl_fd","setns","swapon","swapoff","umount","umount2","unshare","vm86","vm86old","pciconfig_read","pciconfig_write","salinfo_log_open","salinfo_event_open","sys_cacheflush","rtas"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_ADMIN"]}},{"names":["clock_adjtime","clock_settime","settimeofday","stime"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_TIME"]}},{"names":["create_module","delete_module","finit_module","init_module"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_MODULE"]}},{"names":["get_mempolicy","mbind","set_mempolicy"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_NICE"]}},{"names":["ioperm","iopl"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_RAWIO"]}},{"names":["kcmp","process_vm_readv","process_vm_writev","ptrace"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_PTRACE"]}},{"names":["kexec_file_load","kexec_load","reboot"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_SYS_BOOT"]}},{"names":["name_to_handle_at","open_by_handle_at"],"action":"SCMP_ACT_ERRNO","errnoRet":1,"excludes":{"caps":["CAP_DAC_READ_SEARCH"]}}]}: file name too long.
See 'docker run --help'.

seccomp profile:

{
    "defaultAction": "SCMP_ACT_ALLOW",
    "syscalls": [
        {
            "names": [
                "add_key",
                "get_kernel_syms",
                "keyctl",
                "move_pages",
                "nfsservctl",
                "perf_event_open",
                "pivot_root",
                "query_module",
                "request_key",
                "sysfs",
                "_sysctl",
                "uselib",
                "userfaultfd",
                "ustat"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1
        },
        {
            "names": [
                "acct"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_PACCT"
                ]
            }
        },
        {
            "names": [
                "bpf",
                "lookup_dcookie",
                "mount",
                "quotactl",
                "quotactl_fd",
                "setns",
                "swapon",
                "swapoff",
                "umount",
                "umount2",
                "unshare",
                "vm86",
                "vm86old",
                "pciconfig_read",
                "pciconfig_write",
                "salinfo_log_open",
                "salinfo_event_open",
                "sys_cacheflush",
                "rtas"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_ADMIN"
                ]
            }
        },
        {
            "names": [
                "clock_adjtime",
                "clock_settime",
                "settimeofday",
                "stime"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_TIME"
                ]
            }
        },
        {
            "names": [
                "create_module",
                "delete_module",
                "finit_module",
                "init_module"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_MODULE"
                ]
            }
        },
        {
            "names": [
                "get_mempolicy",
                "mbind",
                "set_mempolicy"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_NICE"
                ]
            }
        },
        {
            "names": [
                "ioperm",
                "iopl"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_RAWIO"
                ]
            }
        },
        {
            "names": [
                "kcmp",
                "process_vm_readv",
                "process_vm_writev",
                "ptrace"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_PTRACE"
                ]
            }
        },
        {
            "names": [
                "kexec_file_load",
                "kexec_load",
                "reboot"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_SYS_BOOT"
                ]
            }
        },
        {
            "names": [
                "name_to_handle_at",
                "open_by_handle_at"
            ],
            "action": "SCMP_ACT_ERRNO",
            "errnoRet": 1,
            "excludes": {
                "caps": [
                    "CAP_DAC_READ_SEARCH"
                ]
            }
        }
    ]
}

If I try a much smaller profile, I get:

 container create: opening seccomp profile failed: open {"defaultAction":"SCMP_ACT_ALLOW"}: no such file or directory.

If I try just "C:/Users/ahusz/git/cross/src/seccomp.json" in the JSON file, I get:

container create: opening seccomp profile failed: open "C:/Users/ahusz/git/cross/src/seccomp.json": no such file or directory.

If I try to use backslashes for native Windows paths, I get errors about invalid escape characters, even if the baskslashes are properly escaped. In short, I can't even use a wrapper file to load the profile.
@Alexhuszagh Alexhuszagh mentioned this issue Jun 4, 2022
Merged
@Alexhuszagh Alexhuszagh changed the title Docker Fails to Load Seccomp Profile: Filename Too Long Docker Fails to Load Seccomp Profile: Assumes File Contents are the Seccomp Profile Jun 4, 2022
Alexhuszagh added a commit to Alexhuszagh/cross that referenced this issue Jun 5, 2022
@Alexhuszagh
Limit permissions for Android images.
671be21 
Remove the use of the `--privileged` flag for Android images and instead use an seccomp permissions. The provided profile is derived from the docker documentation, with slight modifications to allow `clone` and `clone3`.

The documentation is [docker seccomp](https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile), which details the syscalls blocked by docker. The same is true for podman. We merely modified these settings to allow `personality` syscall, which then allows us to use our Android images.

On Windows with Docker Desktop, we currently have an issue where Docker tries to read the seccomp profile, and then interpret that as the path, rather than load the profile from the path, which is tracked by the following issue:
docker/for-win#12760

On Podman (not inside WSL2), we have a separate issue where it expects a WSL path to be provided for the seccomp profile, despite the path being provided for the host.
Alexhuszagh added a commit to Alexhuszagh/cross that referenced this issue Jun 8, 2022
@Alexhuszagh
Limit permissions for Android images.
61c4bb7 
Remove the use of the `--privileged` flag for Android images and instead use an seccomp permissions. The provided profile is derived from the docker documentation, with slight modifications to allow `clone` and `clone3`.

The documentation is [docker seccomp](https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile), which details the syscalls blocked by docker. The same is true for podman. We merely modified these settings to allow `personality` syscall, which then allows us to use our Android images.

On Windows with Docker Desktop, we currently have an issue where Docker tries to read the seccomp profile, and then interpret that as the path, rather than load the profile from the path, which is tracked by the following issue:
docker/for-win#12760

On Podman (not inside WSL2), we have a separate issue where it expects a WSL path to be provided for the seccomp profile, despite the path being provided for the host.
Alexhuszagh added a commit to Alexhuszagh/cross that referenced this issue Jun 8, 2022
@Alexhuszagh
Limit permissions for Android images.
879233b 
Remove the use of the `--privileged` flag for Android images and instead use an seccomp permissions. The provided profile is derived from the docker documentation, with slight modifications to allow `clone` and `clone3`.

The documentation is [docker seccomp](https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile), which details the syscalls blocked by docker. The same is true for podman. We merely modified these settings to allow `personality` syscall, which then allows us to use our Android images.

On Windows with Docker Desktop, we currently have an issue where Docker tries to read the seccomp profile, and then interpret that as the path, rather than load the profile from the path, which is tracked by the following issue:
docker/for-win#12760

On Podman (not inside WSL2), we have a separate issue where it expects a WSL path to be provided for the seccomp profile, despite the path being provided for the host.
Alexhuszagh added a commit to Alexhuszagh/cross that referenced this issue Jun 8, 2022
@Alexhuszagh
Limit permissions for Android images.
13f4497 
Remove the use of the `--privileged` flag for Android images and instead use an seccomp permissions. The provided profile is derived from the docker documentation, with slight modifications to allow `clone` and `clone3`.

The documentation is [docker seccomp](https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile), which details the syscalls blocked by docker. The same is true for podman. We merely modified these settings to allow `personality` syscall, which then allows us to use our Android images.

On Windows with Docker Desktop, we currently have an issue where Docker tries to read the seccomp profile, and then interpret that as the path, rather than load the profile from the path, which is tracked by the following issue:
docker/for-win#12760

On Podman (not inside WSL2), we have a separate issue where it expects a WSL path to be provided for the seccomp profile, despite the path being provided for the host.
@docker-robott
Copy link
Collaborator

Issues go stale after 90 days of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30 days of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators Nov 1, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
lifecycle/locked lifecycle/stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Alexhuszagh @docker-robott