Mask some extra paths in gVisor's OCI config

Mask some paths of the outer container in the OCI config of the inner container. This is done to avoid leaking any sensitive information from Podman / Docker / gVisor, since we reuse the same rootfs Refs #1048
freedomofpress · Jan 21, 2025 · 00f37e2 · 00f37e2
1 parent e377e18
commit 00f37e2
Showing 1 changed file with 65 additions and 1 deletion.
diff --git a/dangerzone/container_helpers/entrypoint.py b/dangerzone/container_helpers/entrypoint.py
@@ -59,17 +59,60 @@ def log(message: str, *values: typing.Any) -> None:
     "root": {"path": "/", "readonly": True},
     "hostname": "dangerzone",
     "mounts": [
+        # Mask some system directories of the outer container, by mounting tmpfs on top
+        # of them. This is done to avoid leaking any sensitive information, either
+        # mounted by Podman/Docker, or when gVisor runs, since we reuse the same rootfs.
+        #
+        # Note that we set `--root /home/dangerzone/.containers` for the directory where
+        # gVisor will create files at runtime, which means that in principle, we are
+        # covered by the masking of `/home/dangerzone` that follows below.
+        {
+            "destination": "/boot",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev", "ro"],
+        },
+        {
+            "destination": "/dev",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev"],
+        },
+        {
+            "destination": "/media",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev", "ro"],
+        },
+        {
+            "destination": "/mnt",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev", "ro"],
+        },
         {
             "destination": "/proc",
             "type": "proc",
             "source": "proc",
         },
         {
-            "destination": "/dev",
+            "destination": "/root",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev", "ro"],
+        },
+        {
+            "destination": "/run",
             "type": "tmpfs",
             "source": "tmpfs",
             "options": ["nosuid", "noexec", "nodev"],
         },
+        {
+            "destination": "/srv",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev", "ro"],
+        },
         {
             "destination": "/sys",
             "type": "tmpfs",
@@ -82,6 +125,27 @@ def log(message: str, *values: typing.Any) -> None:
             "source": "tmpfs",
             "options": ["nosuid", "noexec", "nodev"],
         },
+        {
+            "destination": "/var",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": ["nosuid", "noexec", "nodev"],
+        },
+        # Also mask some files that are usually mounted by Docker / Podman. These files
+        # should not contain any sensitive information, since we use the `--network
+        # none` flag, but we want to make sure in any case.
+        {
+            "destination": "/etc/hostname",
+            "type": "bind",
+            "source": "/dev/null",
+            "options": ["rbind", "ro"],
+        },
+        {
+            "destination": "/etc/hosts",
+            "type": "bind",
+            "source": "/dev/null",
+            "options": ["rbind", "ro"],
+        },
         # LibreOffice needs a writable home directory, so just mount a tmpfs
         # over it.
         {