Don't bind host docker daemon socket #52
No reviewers
Labels
No Label
duplicate
help wanted
invalid
kind
bug
kind
enhancement
kind
feature
kind
question
proposal
wontfix
No Milestone
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/act#52
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "vicamo:for-upstream/dont-bind-host-docker-socket"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Binding host docker daemon socket into executor containers can be a terrible security hole. Don't do this unless explicitly specified through customized mounts.
To exploit this issue, run following test job:
See also discussions on upstream nektos/act project.
I see. I noticed that the outcome of the discussion is keeping unchanged to act. What do you think about act runner?
I think, based on the replies of upstream nektos/act maintainers, I was rushed into a premature pull request like this. It appears the problem lies in an upper level that Gitea's act_runner must be able to be configured as a spwaner to ephemeral execution environments to address such privilege escalation problems all at once. So far nektos/act doesn't have that, and the Draft: LXC support for self-hosted runners PR might be a closest attempt/viable solution.
docker-machine
is supported by GitLab, but Docker.com deprecated it already. Before ephemeral executor being possible, Gitea ACT backend should not ever be used in public/production environments in my opinion. Converting this into an issue or precondition of Gitea ACT backend instead might be a good idea at this moment.It's also possible if Gitea decides to disable host docker socket binding as part of its CI container spec (don't know if this is already covered), then this PR can be useful.
The reason upstream nektos/act has host docker daemon bound is that: 1) GitHub Actions Runner has it, 2) nektos/act is meant for running GitHub Actions yml locally. Neither of them is true for Gitea. Gitea may enforce a more restricted executor environment than GitHub does. And if Gitea takes this way, probably the "self-hosted" feature should be disabled from Gitea's act fork as well.
I think we should fix it but we also need to allow users to add the mapping explicitly.
If you always allow it then it basically cancels all the protection %) it should be disabled if privileged option is disabled in runner config. Also you should remove bind mounts from
jobs.container.volumes
to remove job access to host FS.So this PR is not enough %)
Do Gitea CI really have to support mounting user-specified volumes? In my opinion, host docker daemon socket should never be exposed to job containers even when privileged flags is on. For users trying to build docker images or taking actions that require a docker daemon,
docker:dind
service container should be used, and the only volume shared in between should be work dir. This is also how GitLab CI runner works if I remember correctly.And there are two more hard-coded volumes being mounted:
/toolcache
:/opt/hostedtoolcache
as there is an upstream branch https://github.com/nektos/act/tree/fix-toolcache pointed out. Yet that branch is not yet merged in upstream. Don't know why.rc.jobContainerName() + "-env"
, target/var/run/act
(fromLinuxContainerEnvironmentExtensions.GetActPath()
):I think yes. There are different scenes. For a company/team internal usage, this maybe not a real problem.
Sounds like you want to remove all mounts, here a patch for act. Which makes it impossible to add any kind of mounts. By just removing them before sending the request to docker.
Together with https://github.com/nektos/act/pull/1783 and a list of act-runner labels with
docker://
, only other docker flags can make concerning things.Without opt out this security hardening breaks other workflows. DIND is not really supported for act job container.
I'd like to remove any hard-coded mounts in the source code as possible, especially read-write ones who may live across the job container's life time.
In addition, volume mounts, additional docker options should not be allowed, unless the job was executed inside an ephemeral VM. And since nektos/act is not capable of launching ephemeral VM yet, these features should be disabled when Gitea Actions is launched as is.
I think DIND is currently supported through services container? Except that act currently binds host docker daemon socket into job containers, so docker client would connect to host docker daemon directly.
I think this is outdated. Now there an option from config.
Pull request closed