Stars: 3,920 · Rank 11,158 (Top 0.3 %) · Language: C · License: Other · Created almost 9 years ago · Updated about 1 month ago


Low-level unprivileged sandboxing tool used by Flatpak and similar projects

Bubblewrap

Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.

User namespaces

There is an effort in the Linux kernel called user namespaces which attempts to allow unprivileged users to use container features. While significant progress has been made, there are still concerns about it, and it is not available to unprivileged users in several production distributions such as CentOS/Red Hat Enterprise Linux 7, Debian Jessie, etc.

See for example CVE-2016-3135 which is a local root vulnerability introduced by userns. This March 2016 post has some more discussion.

Bubblewrap could be viewed as a setuid implementation of a subset of user namespaces. Emphasis on subset: specifically relevant to the above CVE, bubblewrap does not allow control over iptables.

The original bubblewrap code existed before user namespaces - it inherits code from xdg-app helper which in turn distantly derives from linux-user-chroot.

System security

The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.

In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots.
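The no_new_privs property is observable from inside the sandbox as the NoNewPrivs field of /proc/self/status, so it can be verified rather than assumed. The script below is an added example, not code from the bubblewrap project: it parses the fields of a /proc/PID/status text, decides whether no_new_privs is enforced, and (when bwrap is installed) runs `cat /proc/self/status` under the README's minimal sandbox layout to check the live value. The function names and the `--live` switch are this example's own; the field names are the kernel's.

```shell
#!/bin/sh
# Added example (not bubblewrap's own code): check that a sandboxed process
# runs with the kernel's no_new_privs flag set, which is what makes setuid
# binaries and file capabilities unable to raise its privileges.

# status_field STATUS_TEXT NAME -> prints the value of the "NAME:" line
# of a /proc/PID/status text (empty when the field is absent).
status_field() {
    printf '%s\n' "$1" | awk -v name="$2:" \
        '$1 == name { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# nnp_enforced STATUS_TEXT -> exit 0 when NoNewPrivs is 1
nnp_enforced() {
    [ "$(status_field "$1" NoNewPrivs)" = 1 ]
}

# seccomp_mode STATUS_TEXT -> 0 (off), 1 (strict) or 2 (filter)
seccomp_mode() {
    status_field "$1" Seccomp
}

# Run the check inside a real sandbox using the README's minimal layout.
# Exit 0 when no_new_privs is set, 1 when it is not, 2 when bwrap is
# unavailable or fails to start. CapEff and Seccomp are reported for context.
check_live_sandbox() {
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 2; }
    status=$(bwrap --ro-bind /usr /usr --symlink usr/lib64 /lib64 \
                   --proc /proc --dev /dev --unshare-pid --new-session \
                   cat /proc/self/status) || return 2
    echo "NoNewPrivs=$(status_field "$status" NoNewPrivs)" \
         "Seccomp=$(seccomp_mode "$status")" \
         "CapEff=$(status_field "$status" CapEff)"
    nnp_enforced "$status"
}

# Usage: sh nnp_check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live_sandbox
fi
```

Run with `--live` on a machine that has bwrap; without bwrap the parsing functions can still be exercised on a saved /proc/PID/status capture.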

Sandbox security

bubblewrap is a tool for constructing sandbox environments. bubblewrap is not a complete, ready-made sandbox with a specific security policy.

Some of bubblewrap's use-cases want a security boundary between the sandbox and the real system; other use-cases want the ability to change the layout of the filesystem for processes inside the sandbox, but do not aim to be a security boundary. As a result, the level of protection between the sandboxed processes and the host system is entirely determined by the arguments passed to bubblewrap.

Whatever program constructs the command-line arguments for bubblewrap (often a larger framework like Flatpak, libgnome-desktop, sandwine or an ad-hoc script) is responsible for defining its own security model, and choosing appropriate bubblewrap command-line arguments to implement that security model.
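As an added example of such a calling framework (this is not bubblewrap's or Flatpak's code), the script below maps two named policies onto bwrap arguments: a "layout-only" policy that only rearranges the filesystem view and claims no security boundary, and an "isolated" policy that unshares every namespace and gives the program a throwaway home. The policy names, helper functions and the choice to hand arguments to bwrap NUL-separated through its `--args` option are assumptions made here; the option names themselves are bwrap's.

```shell
#!/bin/sh
# Added example (not bubblewrap's own code): a minimal "framework" that maps a
# named security policy onto bwrap arguments. The policy names, function names
# and the --args transport are choices made here; the options are bwrap's.

home=${HOME:-/home/user}

# Options every policy shares: the host's /usr read-only, fresh /proc and /dev,
# a private pid namespace with bwrap as pid 1, and a new session so the
# program cannot push input into the host terminal.
bwrap_base_args() {
    printf '%s\n' \
        --ro-bind /usr /usr \
        --symlink usr/lib64 /lib64 \
        --proc /proc \
        --dev /dev \
        --unshare-pid \
        --new-session \
        --die-with-parent
}

# layout-only: rearrange the filesystem view but claim no security boundary.
# The real home stays writable and network, IPC and user ids are shared.
policy_layout_only() {
    bwrap_base_args
    printf '%s\n' --bind "$home" "$home"
}

# isolated: unshare every namespace bwrap supports, give the program a private
# hostname and a throwaway tmpfs home, and start from an empty environment.
policy_isolated() {
    bwrap_base_args
    printf '%s\n' \
        --unshare-all \
        --hostname sandbox \
        --tmpfs /tmp \
        --tmpfs "$home" \
        --clearenv \
        --setenv HOME "$home" \
        --setenv PATH /usr/bin:/bin
}

# bwrap_args POLICY -> the argument list for POLICY, one argument per line
bwrap_args() {
    case "$1" in
        layout-only) policy_layout_only ;;
        isolated)    policy_isolated ;;
        *) echo "unknown policy: $1" >&2; return 2 ;;
    esac
}

# has_arg POLICY OPTION -> exit 0 when OPTION appears in the generated list
has_arg() {
    bwrap_args "$1" | grep -qx -- "$2"
}

# run_sandboxed POLICY CMD... -> run CMD under bwrap with the policy's
# arguments, passed NUL-separated on fd 3 via bwrap's --args option so paths
# containing spaces need no quoting.
run_sandboxed() {
    policy=$1; shift
    bwrap_args "$policy" >/dev/null || return 2
    argfile=$(mktemp) || return 1
    bwrap_args "$policy" | tr '\n' '\000' > "$argfile"
    bwrap --args 3 "$@" 3< "$argfile"
    rc=$?
    rm -f "$argfile"
    return $rc
}

# Usage: sh policy.sh isolated bash
if [ $# -ge 2 ]; then
    run_sandboxed "$@"
fi
```

The point of the split is that bwrap itself does not know which of the two policies is "secure"; only the caller does, and it must pick the arguments accordingly.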

Users

This program can be shared by all container tools which perform non-root operation, such as:

We would also like to see this be available in Kubernetes/OpenShift clusters. Having the ability for unprivileged users to use container features would make it significantly easier to do interactive debugging scenarios and the like.

Installation

bubblewrap is available in the package repositories of most Linux distributions and can be installed from there.

If you need to build bubblewrap from source, you can do this with meson or autotools.

meson:

meson _builddir
meson compile -C _builddir
meson install -C _builddir

autotools:

./autogen.sh
make
sudo make install

Usage

bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits. You can then use command-line options to construct the root filesystem and process environment, and to specify the command to run in the namespace.

There's a larger demo script in the source code, but here's a trimmed down version which runs a new shell reusing the host's /usr.

bwrap \
    --ro-bind /usr /usr \
    --symlink usr/lib64 /lib64 \
    --proc /proc \
    --dev /dev \
    --unshare-pid \
    --new-session \
    bash

This is an incomplete example, but useful for purposes of illustration. More often, rather than creating a container using the host's filesystem tree, you want to target a chroot. There, rather than creating the symlink lib64 -> usr/lib64 in the tmpfs, you might have already created it in the target rootfs.

Sandboxing

The goal of bubblewrap is to run an application in a sandbox, where it has restricted access to parts of the operating system or user data such as the home directory.

bubblewrap always creates a new mount namespace, and the user can specify exactly which parts of the filesystem should be visible in the sandbox. Any such directories you specify are mounted nodev by default, and can be made read-only.

Additionally you can use these kernel features:

User namespaces (CLONE_NEWUSER): This hides all but the current uid and gid from the sandbox. You can also change what the value of uid/gid should be in the sandbox.

IPC namespaces (CLONE_NEWIPC): The sandbox will get its own copy of all the different forms of IPCs, like SysV shared memory and semaphores.

PID namespaces (CLONE_NEWPID): The sandbox will not see any processes outside the sandbox. Additionally, bubblewrap will run a trivial pid1 inside your container to handle the requirements of reaping children in the sandbox. This avoids what is known now as the Docker pid 1 problem.

Network namespaces (CLONE_NEWNET): The sandbox will not see the network. Instead it will have its own network namespace with only a loopback device.

UTS namespace (CLONE_NEWUTS): The sandbox will have its own hostname.

Seccomp filters: You can pass in seccomp filters that limit which syscalls can be done in the sandbox. For more information, see Seccomp.

If you are not filtering out TIOCSTI commands using seccomp filters, argument --new-session is needed to protect against out-of-sandbox command execution (see CVE-2017-5226).
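Because the level of protection is decided entirely by the arguments, it is worth checking an argument list before it reaches bwrap. The auditor below is an added example, not code from the bubblewrap project: it walks a bwrap command line, tracks which of the namespace options above are present, and reports the cases this README calls out: no `--unshare-pid`, a shared network namespace, a writable bind of `/` or of the invoking user's home, and the TIOCSTI case where neither `--new-session` nor a `--seccomp` filter is given. The rule names, the finding messages and the `AUDIT_HOME` override are this example's assumptions; the option names and their argument counts are bwrap's.

```shell
#!/bin/sh
# Added example (not bubblewrap's own code): audit a bwrap argument list
# before running it. Prints one finding per line and exits 0 when there are
# none, 1 otherwise. AUDIT_HOME (default $HOME) is the home directory whose
# writable exposure should be reported.
audit_bwrap_args() {
    home=${AUDIT_HOME:-$HOME}
    new_session=0 seccomp=0 pid_ns=0 net_ns=0 share_net=0 findings=0

    while [ $# -gt 0 ]; do
        case "$1" in
            --new-session) new_session=1 ;;
            --seccomp)     seccomp=1; shift ;;          # takes an FD argument
            --unshare-all) pid_ns=1; net_ns=1 ;;
            --unshare-pid) pid_ns=1 ;;
            --unshare-net) net_ns=1 ;;
            --share-net)   share_net=1 ;;               # re-shares net after --unshare-all
            --bind|--bind-try|--dev-bind|--dev-bind-try)
                # A writable bind of / or of the caller's home gives the
                # sandboxed program the same data it would have unsandboxed.
                case "$2" in
                    /|"$home"|"$home"/*)
                        echo "writable-bind: $1 $2 $3 exposes host data"
                        findings=$((findings + 1)) ;;
                esac
                shift 2 ;;
            # Other options that take two arguments.
            --ro-bind|--ro-bind-try|--symlink|--setenv|--file|--bind-data|--ro-bind-data)
                shift 2 ;;
            # Options that take one argument.
            --proc|--dev|--tmpfs|--dir|--chdir|--uid|--gid|--hostname|--args|--unsetenv)
                shift ;;
            --*) ;;        # flag options: other --unshare-*, --die-with-parent, --clearenv, ...
            *) break ;;    # first non-option argument is the command to run
        esac
        shift
    done

    if [ "$new_session" = 0 ] && [ "$seccomp" = 0 ]; then
        echo "tty: neither --new-session nor --seccomp given; the sandboxed program keeps the host's controlling terminal and TIOCSTI is reachable (CVE-2017-5226)"
        findings=$((findings + 1))
    fi
    if [ "$pid_ns" = 0 ]; then
        echo "pid: no --unshare-pid, host processes are visible in the sandbox"
        findings=$((findings + 1))
    fi
    if [ "$net_ns" = 0 ] || [ "$share_net" = 1 ]; then
        echo "net: host network namespace is shared"
        findings=$((findings + 1))
    fi

    [ "$findings" = 0 ]
}

# Usage: sh audit.sh --ro-bind /usr /usr --proc /proc --dev /dev --unshare-pid bash
if [ $# -gt 0 ]; then
    audit_bwrap_args "$@"
fi
```

Run against the README's own example above, the auditor reports only the shared network namespace, which matches the text's description of that example as incomplete; a layout-only caller that shares the network on purpose would simply treat the `net:` line as informational.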

Firejail is similar to Flatpak before bubblewrap was split out in that it combines a setuid tool with a lot of desktop-specific sandboxing features. For example, Firejail knows about Pulseaudio, whereas bubblewrap does not.

The bubblewrap authors believe it's much easier to audit a small setuid program, and keep features such as Pulseaudio filtering as an unprivileged process, as now occurs in Flatpak.

Also, @cgwalters thinks trying to whitelist file paths is a bad idea given the myriad ways users have to manipulate paths, and the myriad ways in which system administrators may configure a system. The bubblewrap approach is to only retain a few specific Linux capabilities such as CAP_SYS_ADMIN, but to always access the filesystem as the invoking uid. This entirely closes TOCTTOU attacks and such.

Sandstorm.io requires unprivileged user namespaces to set up its sandbox, though it could easily be adapted to operate in a setuid mode as well. @cgwalters believes their code is fairly good, but it could still make sense to unify on bubblewrap. However, @kentonv (of Sandstorm) feels that while this makes sense in principle, the switching cost outweighs the practical benefits for now. This decision could be re-evaluated in the future, but it is not being actively pursued today.

runC is currently working on supporting rootless containers: installing runC, and creating and managing containers, without needing setuid or any other privileges (using unprivileged user namespaces rather than setuid). However, the standard mode of using runC is similar to systemd-nspawn in that it is tooling intended to be invoked by root.

The bubblewrap authors believe that runc and systemd-nspawn are not designed to be made setuid, and are distant from supporting such a mode. However with rootless containers, runC will be able to fulfill certain usecases that bubblewrap supports (with the added benefit of being a standardised and complete OCI runtime).

binctr is just a wrapper for runC, so inherits all of its design tradeoffs.

What's with the name?!

The name bubblewrap was chosen to convey that this tool runs as the parent of the application (so wraps it in some sense) and creates a protective layer (the sandbox) around it.

(Bubblewrap cat by dancing_stupidity)
