DRAFT GNIP 101 : Reduce docker attack surface #12769
Labels
docker
Issues specific to GeoNode docker or GeoNode SPC
gnip
A GeoNodeImprovementProcess Issue
needs further investigation
Issue or reason for specific behaviour needs further investigation
GNIP 101 - Improving Docker Security
To PSC: There is nothing to vote upon, yet
Overview
According to the Docker security pages (https://docs.docker.com/engine/security/), using Docker with default settings does provide an attack surface. The basic approach to lower the attack surface is to enable rootless processes inside the containers. The GeoNode Docker composition currently uses the root user for starting the container processes. Disabling root and adding other security-related functionality could significantly reduce the attack surface.
Proposed By
Florian Hoedt, Thünen-Institute
Assigned to Release
This proposal is not yet scheduled for a release.
State
Motivation
An upcoming talk about GeoNode in production at FOSS4G 2024 which will cover topics like:
sparked my interest. I see that improving the current security model is an important task but also one which requires a substantial amount of resources. I created this GNIP as an invitation to the downstream project to contribute to the main project. I see people like @cmotadev working on that. Maybe he can post some links to the downstream project's GitHub as a reference for how to achieve the above-mentioned goals.
Proposal
The options to achieve the mentioned goal are manifold. The first level of reducing the attack surface is to enable rootless Docker for the containers, as done in the geoSGB use case described above.
Backwards Compatibility
Currently, the amount of changes is not yet known. If those changes do not affect the Django code but solely how Docker containers are started, they could be backwards compatible. If Django code needs changes, the work of backporting those is likely too big.
Future evolution
Apart from using Podman and a rootless Docker, we could implement AppArmor profiles per container to further reduce the attack surface. An example of this for an nginx container is listed here.
Feedback
Update this section with relevant feedback, if any.
Voting
Project Steering Committee:
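To measure the starting point the proposal describes (container processes started as root, no per-container AppArmor profile), the following added example audits `docker inspect` output for those settings. It is not part of the original issue or of GeoNode's code; the container names and profile name in the sample are constructed, and it does not check whether the Docker daemon itself runs rootless.

```python
import json

# Constructed sample shaped like `docker inspect` output (hypothetical names).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/django-example", "AppArmorProfile": "docker-default",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "CapDrop": null, "SecurityOpt": null}},
  {"Name": "/nginx-example", "AppArmorProfile": "nginx-example-profile",
   "Config": {"User": "101:101"},
   "HostConfig": {"Privileged": false, "CapDrop": ["ALL"],
                  "SecurityOpt": ["no-new-privileges:true"]}}
]
""")

NO_NEW_PRIVS = {"no-new-privileges", "no-new-privileges:true",
                "no-new-privileges=true"}


def audit_container(container):
    """Return a list of hardening findings for one inspected container."""
    findings = []
    host = container.get("HostConfig") or {}
    # An empty Config.User means neither the image nor the run options set
    # a user, so the process runs as uid 0.
    user = (container.get("Config") or {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    if host.get("Privileged"):
        findings.append("privileged")
    if "ALL" not in [c.upper() for c in (host.get("CapDrop") or [])]:
        findings.append("capabilities-not-dropped")
    if not NO_NEW_PRIVS.intersection(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges-unset")
    profile = container.get("AppArmorProfile") or ""
    if profile in ("", "unconfined"):
        findings.append("no-apparmor-profile")
    elif profile == "docker-default":
        # Confined, but not by a profile written for this container.
        findings.append("default-apparmor-profile")
    return findings


def audit(containers):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

Against a running composition, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.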