containers/bubblewrap containers/bubblewrap

  • Stars
    star
    3,601
  • Rank 11,738 (Top 0.3 %)
  • Language
    C
  • License
    Other
  • Created about 8 years ago
  • Updated 27 days ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
containers/bubblewrap
github

containers

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

Bubblewrap

Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.

User namespaces

There is an effort in the Linux kernel called user namespaces which attempts to allow unprivileged users to use container features. While significant progress has been made, there are still concerns about it, and it is not available to unprivileged users in several production distributions such as CentOS/Red Hat Enterprise Linux 7, Debian Jessie, etc.

See for example CVE-2016-3135 which is a local root vulnerability introduced by userns. This March 2016 post has some more discussion.

Bubblewrap could be viewed as setuid implementation of a subset of user namespaces. Emphasis on subset - specifically relevant to the above CVE, bubblewrap does not allow control over iptables.

The original bubblewrap code existed before user namespaces - it inherits code from xdg-app helper which in turn distantly derives from linux-user-chroot.

System security

The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.

In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots.

Sandbox security

bubblewrap is a tool for constructing sandbox environments. bubblewrap is not a complete, ready-made sandbox with a specific security policy.

Some of bubblewrap's use-cases want a security boundary between the sandbox and the real system; other use-cases want the ability to change the layout of the filesystem for processes inside the sandbox, but do not aim to be a security boundary. As a result, the level of protection between the sandboxed processes and the host system is entirely determined by the arguments passed to bubblewrap.

Whatever program constructs the command-line arguments for bubblewrap (often a larger framework like Flatpak, libgnome-desktop, sandwine or an ad-hoc script) is responsible for defining its own security model, and choosing appropriate bubblewrap command-line arguments to implement that security model.

Users

This program can be shared by all container tools which perform non-root operation, such as:

We would also like to see this be available in Kubernetes/OpenShift clusters. Having the ability for unprivileged users to use container features would make it significantly easier to do interactive debugging scenarios and the like.

Installation

bubblewrap is available in the package repositories of the most Linux distributions and can be installed from there.

If you need to build bubblewrap from source, you can do this with meson or autotools.

meson:

meson _builddir
meson compile -C _builddir
meson install -C _builddir

autotools:

./autogen.sh
make
sudo make install

Usage

bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits. You can then use commandline options to construct the root filesystem and process environment and command to run in the namespace.

There's a larger demo script in the source code, but here's a trimmed down version which runs a new shell reusing the host's /usr.

bwrap \
    --ro-bind /usr /usr \
    --symlink usr/lib64 /lib64 \
    --proc /proc \
    --dev /dev \
    --unshare-pid \
    --new-session \
    bash

This is an incomplete example, but useful for purposes of illustration. More often, rather than creating a container using the host's filesystem tree, you want to target a chroot. There, rather than creating the symlink lib64 -> usr/lib64 in the tmpfs, you might have already created it in the target rootfs.

Sandboxing

The goal of bubblewrap is to run an application in a sandbox, where it has restricted access to parts of the operating system or user data such as the home directory.

bubblewrap always creates a new mount namespace, and the user can specify exactly what parts of the filesystem should be visible in the sandbox. Any such directories you specify mounted nodev by default, and can be made readonly.

Additionally you can use these kernel features:

User namespaces (CLONE_NEWUSER): This hides all but the current uid and gid from the sandbox. You can also change what the value of uid/gid should be in the sandbox.

IPC namespaces (CLONE_NEWIPC): The sandbox will get its own copy of all the different forms of IPCs, like SysV shared memory and semaphores.

PID namespaces (CLONE_NEWPID): The sandbox will not see any processes outside the sandbox. Additionally, bubblewrap will run a trivial pid1 inside your container to handle the requirements of reaping children in the sandbox. This avoids what is known now as the Docker pid 1 problem.

Network namespaces (CLONE_NEWNET): The sandbox will not see the network. Instead it will have its own network namespace with only a loopback device.

UTS namespace (CLONE_NEWUTS): The sandbox will have its own hostname.

Seccomp filters: You can pass in seccomp filters that limit which syscalls can be done in the sandbox. For more information, see Seccomp.

If you are not filtering out TIOCSTI commands using seccomp filters, argument --new-session is needed to protect against out-of-sandbox command execution (see CVE-2017-5226).

Related project comparison: Firejail

Firejail is similar to Flatpak before bubblewrap was split out in that it combines a setuid tool with a lot of desktop-specific sandboxing features. For example, Firejail knows about Pulseaudio, whereas bubblewrap does not.

The bubblewrap authors believe it's much easier to audit a small setuid program, and keep features such as Pulseaudio filtering as an unprivileged process, as now occurs in Flatpak.

Also, @cgwalters thinks trying to whitelist file paths is a bad idea given the myriad ways users have to manipulate paths, and the myriad ways in which system administrators may configure a system. The bubblewrap approach is to only retain a few specific Linux capabilities such as CAP_SYS_ADMIN, but to always access the filesystem as the invoking uid. This entirely closes TOCTTOU attacks and such.

Related project comparison: Sandstorm.io

Sandstorm.io requires unprivileged user namespaces to set up its sandbox, though it could easily be adapted to operate in a setuid mode as well. @cgwalters believes their code is fairly good, but it could still make sense to unify on bubblewrap. However, @kentonv (of Sandstorm) feels that while this makes sense in principle, the switching cost outweighs the practical benefits for now. This decision could be re-evaluated in the future, but it is not being actively pursued today.

Related project comparison: runc/binctr

runC is currently working on supporting rootless containers, without needing setuid or any other privileges during installation of runC (using unprivileged user namespaces rather than setuid), creation, and management of containers. However, the standard mode of using runC is similar to systemd nspawn in that it is tooling intended to be invoked by root.

The bubblewrap authors believe that runc and systemd-nspawn are not designed to be made setuid, and are distant from supporting such a mode. However with rootless containers, runC will be able to fulfill certain usecases that bubblewrap supports (with the added benefit of being a standardised and complete OCI runtime).

binctr is just a wrapper for runC, so inherits all of its design tradeoffs.

What's with the name?!

The name bubblewrap was chosen to convey that this tool runs as the parent of the application (so wraps it in some sense) and creates a protective layer (the sandbox) around it.

(Bubblewrap cat by dancing_stupidity)

More Repositories

1

podman

Podman: A tool for managing OCI containers and pods.
Go
21,713
star
2

skopeo

Work with remote images registries - retrieving information, images, signing content
Go
7,355
star
3

buildah

A tool that facilitates building OCI images.
Go
7,003
star
4

youki

A container runtime written in Rust
Rust
5,793
star
5

podman-compose

a script to run docker-compose.yml using podman
Python
4,567
star
6

podman-desktop

Podman Desktop - A graphical tool for developing on containers and Kubernetes
TypeScript
4,145
star
7

crun

A fast and lightweight fully featured OCI runtime and C library for running containers
C
2,759
star
8

toolbox

Tool for interactive command line environments on Linux
Shell
2,284
star
9

krunvm

Create microVMs from OCI images
Rust
1,315
star
10

image

Work with containers' images
Go
822
star
11

libkrun

A dynamic library providing Virtualization-based process isolation capabilities
Rust
655
star
12

storage

Container Storage Library
Go
522
star
13

podman-tui

Podman Terminal UI
Go
494
star
14

fuse-overlayfs

FUSE implementation for overlayfs
C
476
star
15

netavark

Container network stack
Rust
457
star
16

udica

This repository contains a tool for generating SELinux security profiles for containers
Python
425
star
17

conmon

An OCI container runtime monitor.
C
395
star
18

composefs

a file system for mounting container images
C
368
star
19

build

another build tool for container images (archived, see https://github.com/rkt/rkt/issues/4024)
Go
341
star
20

quadlet

C
330
star
21

oci-seccomp-bpf-hook

OCI hook to trace syscalls and generate a seccomp profile
Go
280
star
22

podman.io_old

Repository for podman.io website using GitHub Pages.
CSS
259
star
23

bootc

Boot and upgrade via container images
Rust
250
star
24

ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
Python
233
star
25

container-selinux

SELinux policy files for Container Runtimes
Roff
227
star
26

podman-py

Python bindings for Podman's RESTful API
Python
215
star
27

gvisor-tap-vsock

A new network stack based on gVisor
Go
212
star
28

dnsname

name resolution for containers
Go
178
star
29

oci-spec-rs

OCI Runtime, Image and Distribution Spec in Rust
Rust
173
star
30

common

Location for shared common files in github.com/containers repos.
Go
161
star
31

conmon-rs

An OCI container runtime monitor written in Rust
Rust
157
star
32

aardvark-dns

Authoritative dns server for A/AAAA container records. Forwards other request to host's /etc/resolv.conf
Rust
151
star
33

docker-lvm-plugin

Docker volume plugin for LVM volumes
Go
148
star
34

virtcontainers

A Go package for building hardware virtualized container runtimes
Go
140
star
35

containrs

General purpose container library
Rust
122
star
36

ocicrypt

Encryption libraries for Encrypted OCI Container images
Go
121
star
37

fetchit

FetchIt is used to manage the life cycle and configuration of Podman containers
Go
109
star
38

prometheus-podman-exporter

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information.
Go
105
star
39

bluechi

Bluechi is a systemd service controller intended for multi-node environments with a predefined number of nodes and with a focus on highly regulated ecosystems such as those requiring functional safety.
C
96
star
40

crun-vm

An OCI Runtime that enables Podman, Docker, and Kubernetes to run VM images.
Rust
78
star
41

Demos

Repository is a location of user demos for technologies listed on github.com/containers
Shell
77
star
42

shortnames

Shortnames project is collecting registry alias names for shortnames to fully specified container image names.
Python
66
star
43

libkrunfw

A dynamic library bundling the guest payload consumed by libkrun
C
59
star
44

psgo

A ps(1) AIX-format compatible golang library
Go
56
star
45

python-podman

Python bindings and code examples for using Varlink access to Podman Service
Python
50
star
46

nri-plugins

A collection of community maintained NRI plugins
Go
48
star
47

libocispec

a C library for accessing OCI runtime and image spec files
Python
47
star
48

tar-diff

Go
46
star
49

selinuxd

A daemon that manages SELinux policies on a filesystem
Go
37
star
50

podman-desktop-swift

Swift
34
star
51

podman.io

The new podman.io design project
TypeScript
33
star
52

podman-security-bench

Shell
33
star
53

initoverlayfs

C
32
star
54

nydus-storage-plugin

A storage plugin that provided CRI-O/Podman with the ability to lazy mount nydus images.
Go
30
star
55

buildah.io

Repository for the buildah.io web site using GitHub Pages.
HTML
27
star
56

BuildSourceImage

Tool to build a source image based on an existing OCI image
Shell
26
star
57

ansible-podman

Ansible podman is a package to allow ansible playbooks to manage podman containers
Python
26
star
58

oci-fetch

Simple command line tool for fetching the Open Container Initiative image format over various transports.
Go
23
star
59

podman-wsl-fedora

Root FS image of Fedora for Podman Machine on Windows
22
star
60

containertoolbx.org

Website for the Toolbx project
CSS
20
star
61

appstore

Example directory of Kubernetes YAML and Quadlets tested with Podman
Python
18
star
62

automation_images

Shell
17
star
63

containers-image-proxy-rs

containers-image-proxy-rs
Rust
17
star
64

qm

QM is a containerized environment for running Functional Safety qm (Quality Management) software
Shell
17
star
65

libhvee

Special purposed library for Windows HyperV control
Go
16
star
66

podman-machine-qemu

Qemu build for macOS used by the self-contained `podman machine` installer
Shell
16
star
67

oci-umount

C
13
star
68

docs

Repository for all documentation written about tools hosted at github.com/containers
Shell
12
star
69

automation

Automation scripts and configurations common across the containers org. repositories
Shell
12
star
70

netavark-dhcp-proxy-deprecated

DHCP proxy for Netavark
Rust
11
star
71

podman-desktop-extension-bootc

Support for bootable OS containers (bootc) and generating disk images
TypeScript
9
star
72

podhawk

Python
9
star
73

podman-machine-cni

Go
6
star
74

podman-desktop-catalog

Catalog of extensions of Podman Desktop
6
star
75

validator

C
6
star
76

arty

Arty is a tool for managing OCI Artifacts on OCI Registries.
6
star
77

automation_sandbox

Test-repository for experimenting with in-repo automation tools/settings.
Shell
4
star
78

kubensmnt

Shell
4
star
79

podman-desktop-e2e

Podman desktop e2e tests
Go
3
star
80

.github

The README for the containers organization
3
star
81

fetchit-desktop-extension

TypeScript
3
star
82

podman-desktop-extension-minikube

TypeScript
2
star
83

release-keys

2
star
84

podman-wsl-fedora-arm

Fedora ARM distribution for Podman Machine on WSL
2
star
85

ContainerPlumbing

Container Plumbing Conference information.
2
star
86

bootable

Ruby
2
star
87

nri-plugins-operator

Makefile
2
star
88

luksy

offline encryption/decryption using LUKS formats
Go
2
star
89

PodmanHello

Podman Hello Image Repository
Dockerfile
1
star
90

containers.github.io

HTML
1
star
91

winquit

golang module that supports graceful shutdown of Windows applications
Go
1
star
92

podman-installer

1
star
93

ai-lab-recipes

ai-studio-recipes
1
star