Releases: moby/profiles

seccomp v0.2.2

01 May 00:14
seccomp/v0.2.2
d62da27

What's Changed

  • Explicitly block socketcall to prevent AF_ALG filter bypass (#21)

    The socket arg filters only apply to the direct socket(2) syscall. On
    architectures with the legacy socketcall(2) multiplexer (i386 compat on
    amd64, s390 compat on s390x, MIPS o32 compat on MIPS64), libseccomp
    auto-generates a socketcall(SYS_SOCKET) -> ALLOW companion for each socket
    ALLOW rule. This companion only checks the socketcall sub-command number, not
    the address family (behind a pointer BPF cannot dereference), bypassing the
    AF_ALG block for 32-bit binaries.

    An explicit socketcall -> ERRNO(ENOSYS) deny rule is now placed before the
    socket allow rules. ENOSYS must be used instead of EPERM because the deny
    errno must differ from DefaultErrnoRet (EPERM): runc skips calling
    seccomp_rule_add() entirely when a rule's action matches the default action,
    so an EPERM deny is never passed to libseccomp and the auto-generated
    socketcall ALLOW path survives unchallenged. With ENOSYS, runc passes the
    rule through and libseccomp replaces the auto-generated ALLOW path with
    ERRNO(ENOSYS) in the BPF.

    Since Linux 4.3, all affected architectures provide direct socket syscalls and
    modern glibc/musl already use them. Only very old statically-linked 32-bit
    binaries compiled against pre-4.3 glibc would be affected.
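
The runc behaviour described above (a rule whose action matches the profile default is never passed to `seccomp_rule_add()`) is easy to re-create as a profile lint. The following Go program is an added example, not code from the moby/profiles/seccomp module: it mirrors only the `names` / `action` / `errnoRet` / `args` shape of the moby profile JSON in local structs, builds the `socketcall` deny rule with either EPERM or ENOSYS, and reports which variant would survive runc's filtering step when `defaultErrnoRet` is EPERM (the single `socket` allow rule next to it is a stand-in for the real profile's several).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal mirror of the rule shape in the moby seccomp profile JSON.
// These are this example's own structs, not the module's types.
type Arg struct {
	Index uint   `json:"index"`
	Value uint64 `json:"value"`
	Op    string `json:"op"`
}

type Rule struct {
	Names    []string `json:"names"`
	Action   string   `json:"action"`
	ErrnoRet *uint    `json:"errnoRet,omitempty"`
	Args     []Arg    `json:"args,omitempty"`
}

const (
	EPERM  uint = 1  // Linux errno "Operation not permitted"
	ENOSYS uint = 38 // Linux errno "Function not implemented"
)

func uintPtr(v uint) *uint { return &v }

// socketcallDeny is the explicit socketcall -> ERRNO(errno) rule from the
// release note, parameterised so the EPERM and ENOSYS variants can be compared.
func socketcallDeny(errno uint) Rule {
	return Rule{
		Names:    []string{"socketcall"},
		Action:   "SCMP_ACT_ERRNO",
		ErrnoRet: uintPtr(errno),
	}
}

// socketRules places the deny rule before one representative socket allow
// rule (the real profile carries several), matching the order described above.
func socketRules(denyErrno uint) []Rule {
	return []Rule{
		socketcallDeny(denyErrno),
		{Names: []string{"socket"}, Action: "SCMP_ACT_ALLOW",
			Args: []Arg{{Index: 0, Value: 40, Op: "SCMP_CMP_NE"}}},
	}
}

// effectiveErrno is the errno a rule returns: its own errnoRet if set,
// otherwise the profile-wide defaultErrnoRet.
func effectiveErrno(r Rule, defaultErrno uint) uint {
	if r.ErrnoRet != nil {
		return *r.ErrnoRet
	}
	return defaultErrno
}

// collidesWithDefault reports whether a rule is indistinguishable from the
// profile default (same action and, for SCMP_ACT_ERRNO, same errno). runc
// skips seccomp_rule_add() for such rules, so a deny written this way never
// reaches libseccomp and cannot displace an auto-generated socketcall ALLOW.
func collidesWithDefault(r Rule, defaultAction string, defaultErrno uint) bool {
	if r.Action != defaultAction {
		return false
	}
	if r.Action != "SCMP_ACT_ERRNO" {
		return true
	}
	return effectiveErrno(r, defaultErrno) == defaultErrno
}

// rulesPassedToLibseccomp models runc's filtering step: only rules that do
// not collide with the default are handed to libseccomp.
func rulesPassedToLibseccomp(rules []Rule, defaultAction string, defaultErrno uint) []Rule {
	var kept []Rule
	for _, r := range rules {
		if !collidesWithDefault(r, defaultAction, defaultErrno) {
			kept = append(kept, r)
		}
	}
	return kept
}

func main() {
	// The default profile's defaultErrnoRet is EPERM, as the release note states.
	for _, errno := range []uint{EPERM, ENOSYS} {
		kept := rulesPassedToLibseccomp(socketRules(errno), "SCMP_ACT_ERRNO", EPERM)
		b, _ := json.MarshalIndent(kept, "", "  ")
		fmt.Printf("socketcall deny with errno %d -> rules reaching libseccomp:\n%s\n\n", errno, b)
	}
}
```

Run it and the EPERM variant prints only the `socket` allow rule, i.e. the deny has silently vanished before libseccomp ever sees it, while the ENOSYS variant keeps both rules in order. The same check applied to a custom profile flags any deny that a maintainer wrote with the default errno and believes to be in force.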

Full Changelog: seccomp/v0.2.1...seccomp/v0.2.2

seccomp v0.2.1

30 Apr 23:10
seccomp/v0.2.1
5ad5f40

What's Changed

  • Block AF_ALG sockets in the default seccomp profile

    AF_ALG (address family 38) exposes the Linux kernel crypto API to userspace
    via socket(2). Containers have no legitimate need for this interface under
    the default profile, and leaving it accessible widens the kernel attack surface
    unnecessarily. See copy.fail for a practical demonstration of AF_ALG
    exploitation to achieve container escape.

    The previous socket rule used a single arg0 != AF_VSOCK condition. Adding a
    second OpNotEqual for AF_ALG does not work because seccomp evaluates multiple
    argument conditions within a single rule as a logical AND against the same
    argument index. Instead, the socket allowlist is restructured into three
    range-based rules that cover every domain except AF_ALG (38) and AF_VSOCK (40):

    1. Allow socket when arg0 < 38 (all families below AF_ALG)
    2. Allow socket when arg0 == 39 (the single family between them)
    3. Allow socket when arg0 > 40 (all families above AF_VSOCK)

    Domains 38 and 40 match none of the three rules and fall through to the
    profile's default SCMP_ACT_ERRNO action.
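
To check that the three range-based rules really cover every domain except 38 and 40, the Go program below (an added example, not the module's own code) builds them in the `names` / `action` / `args` shape of the moby profile JSON using local structs, and runs a small model of the filter over every socket domain: conditions within a rule AND together, the first matching rule's action wins, and anything unmatched falls through to the profile default. The comparison operator names are the `SCMP_CMP_*` values the profile format uses; the `decide` evaluator is this example's simplification, not libseccomp's BPF generator.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirror of the moby profile JSON rule shape (example code, not the
// module's types).
type Arg struct {
	Index uint   `json:"index"`
	Value uint64 `json:"value"`
	Op    string `json:"op"`
}

type Rule struct {
	Names  []string `json:"names"`
	Action string   `json:"action"`
	Args   []Arg    `json:"args,omitempty"`
}

const (
	AF_ALG   = 38
	AF_VSOCK = 40
)

// socketAllowRules returns the three range-based socket rules from the release note.
func socketAllowRules() []Rule {
	mk := func(op string, v uint64) Rule {
		return Rule{Names: []string{"socket"}, Action: "SCMP_ACT_ALLOW",
			Args: []Arg{{Index: 0, Value: v, Op: op}}}
	}
	return []Rule{
		mk("SCMP_CMP_LT", AF_ALG),   // 1. arg0 < 38: all families below AF_ALG
		mk("SCMP_CMP_EQ", 39),       // 2. arg0 == 39: the single family between them
		mk("SCMP_CMP_GT", AF_VSOCK), // 3. arg0 > 40: all families above AF_VSOCK
	}
}

// argMatches applies one SCMP_CMP_* comparison to an argument value.
func argMatches(a Arg, v uint64) bool {
	switch a.Op {
	case "SCMP_CMP_LT":
		return v < a.Value
	case "SCMP_CMP_LE":
		return v <= a.Value
	case "SCMP_CMP_EQ":
		return v == a.Value
	case "SCMP_CMP_NE":
		return v != a.Value
	case "SCMP_CMP_GE":
		return v >= a.Value
	case "SCMP_CMP_GT":
		return v > a.Value
	}
	return false
}

// decide models the filter: a rule matches when its name list contains the
// syscall and every arg condition holds; the first match wins, otherwise the
// profile default action applies.
func decide(rules []Rule, syscall string, args []uint64, defaultAction string) string {
	for _, r := range rules {
		named := false
		for _, n := range r.Names {
			if n == syscall {
				named = true
			}
		}
		if !named {
			continue
		}
		ok := true
		for _, a := range r.Args {
			if int(a.Index) >= len(args) || !argMatches(a, args[a.Index]) {
				ok = false
				break
			}
		}
		if ok {
			return r.Action
		}
	}
	return defaultAction
}

// deniedDomains lists every socket domain in [0, max) that falls through to
// the default SCMP_ACT_ERRNO action under the given rules.
func deniedDomains(rules []Rule, max uint64) []uint64 {
	var denied []uint64
	for d := uint64(0); d < max; d++ {
		if decide(rules, "socket", []uint64{d, 0, 0}, "SCMP_ACT_ERRNO") == "SCMP_ACT_ERRNO" {
			denied = append(denied, d)
		}
	}
	return denied
}

func main() {
	rules := socketAllowRules()
	b, _ := json.MarshalIndent(rules, "", "  ")
	fmt.Println(string(b))
	// Exactly the two excluded families should fall through: [38 40]
	fmt.Println("denied socket domains:", deniedDomains(rules, 64))
}
```

The exhaustive sweep is the useful part: when a profile's allowlist is expressed as ranges, a one-line enumeration like `deniedDomains` catches off-by-one errors (a `SCMP_CMP_LE` where `SCMP_CMP_LT` was meant would quietly re-allow AF_ALG) before the profile ships.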

Full Changelog: seccomp/v0.2.0...seccomp/v0.2.1

seccomp v0.2.0

25 Apr 09:56
seccomp/v0.2.0
027dbab

What's Changed

  • Apply copyright and licenses headers to source code.
  • feat(seccomp): Add support for LoongArch64 architecture.
  • seccomp: fix linting issues (errorlint).
  • seccomp: remove inSlice in favor of slices.Contains.
  • ci: enable GitHub actions and linting.
  • ci: pin actions by sha.

Full Changelog: seccomp/v0.1.0...seccomp/v0.2.0

apparmor v0.2.0

25 Apr 15:30
apparmor/v0.2.0
027dbab

What's Changed

  • Use AppArmor ABI 3.0

    The AppArmor profile now explicitly sets the AppArmor ABI to 3.0 if available.
    In AppArmor ABI higher than 4.0, "network" no longer includes "network unix",
    resulting in access to unix sockets being denied. We use ABI 3.0 to account
    for some LTS distros that do not yet support ABI 4.0.

    See AppArmor issue 361 and containerd issue 12726.

  • Load AppArmor profile without using a temp-file

    When loading the default AppArmor profile, the InstallDefault function
    would write the generated profile to a temporary file. This was a historical
    artifact from moby/moby@2f7596a before which the profile would be persisted
    to disk (in /etc/apparmor.d).

    The temporary file was not necessary, because apparmor_parser also supports
    loading a profile from STDIN (see apparmor_parser(8)).

  • Fix whitespace handling for the current profile

    The InstallDefault function reads the profile of the current (daemon)
    process from /proc/self/attr/current. That value carries a trailing
    newline, which could end up in the generated profile and make it invalid.
    The trailing newline is now trimmed correctly.

    Whitespace handling is also fixed, as AppArmor profile names may contain
    spaces when quoted (see apparmor.d(5)). This is a correctness fix only:
    no code is currently known to use AppArmor profile names containing
    spaces.
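
The three AppArmor changes above (the explicit ABI 3.0 line, loading via STDIN instead of a temp file, and trimming /proc/self/attr/current) fit in one short Go program. It is an added example, not the moby/profiles/apparmor module's code: the profile layout in `renderProfile` is illustrative rather than the module's template, `daemonProfileName` is this example's parser for the kernel's `name (mode)` format, and mapping an empty name to "unconfined" is an assumption. The `apparmor_parser -Kr` invocation (skip the cache, replace the profile) needs root and a kernel with AppArmor, so `main` only runs it when given `--load`.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// daemonProfileName turns the raw contents of /proc/self/attr/current into a
// profile name usable inside a generated profile. The kernel returns e.g.
// "docker-default (enforce)\n": the trailing newline must go (copied as-is it
// would split the rule that references the name), and the " (mode)" suffix is
// cut at its LAST occurrence so a quoted name containing spaces stays intact.
// Treating an empty result as "unconfined" is this example's assumption.
func daemonProfileName(raw string) string {
	name := strings.TrimRight(raw, "\n")
	if strings.HasSuffix(name, ")") {
		if i := strings.LastIndex(name, " ("); i >= 0 {
			name = name[:i]
		}
	}
	name = strings.TrimSpace(name)
	if name == "" {
		return "unconfined"
	}
	return name
}

// renderProfile writes a minimal, illustrative AppArmor profile. The point is
// the explicit "abi <abi/3.0>," line, under which "network," still covers
// unix sockets, and the daemon profile name landing on one line as a ptrace peer.
func renderProfile(name, daemonProfile string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "abi <abi/3.0>,\n")
	fmt.Fprintf(&b, "#include <tunables/global>\n\n")
	fmt.Fprintf(&b, "profile %s flags=(attach_disconnected,mediate_deleted) {\n", name)
	fmt.Fprintf(&b, "  #include <abstractions/base>\n")
	fmt.Fprintf(&b, "  network,\n")
	fmt.Fprintf(&b, "  ptrace (trace,read,tracedby,readby) peer=%s,\n", daemonProfile)
	fmt.Fprintf(&b, "}\n")
	return b.String()
}

// loadProfile hands the generated profile to apparmor_parser on STDIN
// (-K: skip the cache, -r: replace an existing profile), so nothing is
// written to a temporary file. Requires root and AppArmor support.
func loadProfile(profile string) error {
	cmd := exec.Command("apparmor_parser", "-Kr")
	cmd.Stdin = strings.NewReader(profile)
	var stderr bytes.Buffer
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		return fmt.Errorf("apparmor_parser -Kr: %w: %s", err, strings.TrimSpace(stderr.String()))
	}
	return nil
}

func main() {
	raw, err := os.ReadFile("/proc/self/attr/current")
	if err != nil {
		raw = nil // no AppArmor attribute available: treated as unconfined
	}
	profile := renderProfile("docker-default", daemonProfileName(string(raw)))
	fmt.Print(profile)
	if len(os.Args) > 1 && os.Args[1] == "--load" {
		if err := loadProfile(profile); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
}
```

Without `--load` the program only prints the profile, which is enough to see how an untrimmed `docker-default (enforce)\n` would have torn the `peer=` rule across two lines and left the parser with an invalid profile.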

Other changes:

  • Apply copyright and licenses headers to source code.
  • apparmor: add test-coverage for InstallDefault, IsLoaded.
  • apparmor: fix whitespace handling in profile names.
  • apparmor: add tests for generated template
  • apparmor: add "header comment" and cleanup whitespace in generated profile.
  • apparmor: improve matching for /proc/<num>.
  • apparmor: use "filepath" instead of "path", and fix linting.
  • apparmor: align ptrace rule formatting and comment with containerd
  • ci: enable GitHub actions and linting.
  • ci: pin actions by sha.

Full Changelog: apparmor/v0.1.0...apparmor/v0.2.0

seccomp v0.1.0

25 Apr 09:40
seccomp/v0.1.0
c936cc7

This is the initial release of the github.com/moby/profiles/seccomp module.
The code is taken from the github.com/moby/moby/profiles/seccomp package
at commit e1281f09fceec4aab518267c319a7bd4c79cf3c5.

Full Changelog: https://github.com/moby/profiles/commits/seccomp/v0.1.0

apparmor v0.1.0

25 Apr 09:40
apparmor/v0.1.0
c936cc7

This is the initial release of the github.com/moby/profiles/apparmor module.
The code is taken from the github.com/moby/moby/profiles/apparmor package
at commit e1281f09fceec4aab518267c319a7bd4c79cf3c5.