default-validator: allow restricting seccomp policy adjustment.

Implement configurable restrictions for linux seccomp policy
adjustment in the default validator.

Co-authored-by: Mike Brown <brownwm@us.ibm.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>

Author: klihub

pkg/adaptation/adaptation_suite_test.go

@@ -38,6 +38,7 @@ import (
 	"github.com/containerd/nri/pkg/api"
 	"github.com/containerd/nri/pkg/plugin"
 	validator "github.com/containerd/nri/plugins/default-validator/builtin"
+	rspec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 var _ = Describe("Configuration", func() {
@@ -558,6 +559,24 @@ var _ = Describe("Plugin container creation adjustments", func() {
 
 		case "cgroupspath":
 			a.SetLinuxCgroupsPath("/" + plugin)
+
+		case "seccomp":
+			a.SetLinuxSeccompPolicy(
+				func() *api.LinuxSeccomp {
+					seccomp := rspec.LinuxSeccomp{
+						DefaultAction: rspec.ActAllow,
+						ListenerPath:  "/run/meshuggah-rocks.sock",
+						Architectures: []rspec.Arch{},
+						Flags:         []rspec.LinuxSeccompFlag{},
+						Syscalls: []rspec.LinuxSyscall{{
+							Names:  []string{"sched_getaffinity"},
+							Action: rspec.ActNotify,
+							Args:   []rspec.LinuxSeccompArg{},
+						}},
+					}
+					return api.FromOCILinuxSeccomp(&seccomp)
+				}(),
+			)
 		}
 
 		return a, nil, nil
@@ -812,6 +831,26 @@ var _ = Describe("Plugin container creation adjustments", func() {
 					},
 				},
 			),
+			Entry("adjust seccomp policy", "seccomp",
+				&api.ContainerAdjustment{
+					Linux: &api.LinuxContainerAdjustment{
+						SeccompPolicy: func() *api.LinuxSeccomp {
+							seccomp := rspec.LinuxSeccomp{
+								DefaultAction: rspec.ActAllow,
+								ListenerPath:  "/run/meshuggah-rocks.sock",
+								Architectures: []rspec.Arch{},
+								Flags:         []rspec.LinuxSeccompFlag{},
+								Syscalls: []rspec.LinuxSyscall{{
+									Names:  []string{"sched_getaffinity"},
+									Action: rspec.ActNotify,
+									Args:   []rspec.LinuxSeccompArg{},
+								}},
+							}
+							return api.FromOCILinuxSeccomp(&seccomp)
+						}(),
+					},
+				},
+			),
 		)
 	})
 
@@ -1141,6 +1180,104 @@ var _ = Describe("Plugin container creation adjustments", func() {
 		})
 	})
 
+	When("the default validator is enabled and seccomp policy adjustment is disabled", func() {
+		BeforeEach(func() {
+			s.Prepare(
+				&mockRuntime{
+					options: []nri.Option{
+						nri.WithDefaultValidator(
+							&validator.DefaultValidatorConfig{
+								Enable:              true,
+								RejectSeccompPolicy: true,
+							},
+						),
+					},
+				},
+				&mockPlugin{idx: "00", name: "foo"},
+				&mockPlugin{idx: "10", name: "validator1"},
+				&mockPlugin{idx: "20", name: "validator2"},
+			)
+		})
+
+		It("should reject OCI Hook injection", func() {
+			var (
+				create = func(_ *mockPlugin, _ *api.PodSandbox, ctr *api.Container) (*api.ContainerAdjustment, []*api.ContainerUpdate, error) {
+					a := &api.ContainerAdjustment{}
+					if ctr.GetName() == "ctr1" {
+						a.SetLinuxSeccompPolicy(
+							func() *api.LinuxSeccomp {
+								seccomp := rspec.LinuxSeccomp{
+									DefaultAction: rspec.ActAllow,
+									ListenerPath:  "/run/meshuggah-rocks.sock",
+									Architectures: []rspec.Arch{},
+									Flags:         []rspec.LinuxSeccompFlag{},
+									Syscalls: []rspec.LinuxSyscall{{
+										Names:  []string{"sched_getaffinity"},
+										Action: rspec.ActNotify,
+										Args:   []rspec.LinuxSeccompArg{},
+									}},
+								}
+								return api.FromOCILinuxSeccomp(&seccomp)
+							}(),
+						)
+					}
+					return a, nil, nil
+				}
+
+				validate = func(_ *mockPlugin, _ *api.ValidateContainerAdjustmentRequest) error {
+					return nil
+				}
+
+				runtime = s.runtime
+				plugins = s.plugins
+				ctx     = context.Background()
+
+				pod = &api.PodSandbox{
+					Id:        "pod0",
+					Name:      "pod0",
+					Uid:       "uid0",
+					Namespace: "default",
+				}
+				ctr0 = &api.Container{
+					Id:           "ctr0",
+					PodSandboxId: "pod0",
+					Name:         "ctr0",
+					State:        api.ContainerState_CONTAINER_CREATED,
+				}
+				ctr1 = &api.Container{
+					Id:           "ctr1",
+					PodSandboxId: "pod0",
+					Name:         "ctr1",
+					State:        api.ContainerState_CONTAINER_CREATED,
+				}
+			)
+
+			plugins[0].createContainer = create
+			plugins[1].validateAdjustment = validate
+			plugins[2].validateAdjustment = validate
+
+			s.Startup()
+			podReq := &api.RunPodSandboxRequest{Pod: pod}
+			Expect(runtime.RunPodSandbox(ctx, podReq)).To(Succeed())
+
+			ctrReq := &api.CreateContainerRequest{
+				Pod:       pod,
+				Container: ctr0,
+			}
+			reply, err := runtime.CreateContainer(ctx, ctrReq)
+			Expect(reply).ToNot(BeNil())
+			Expect(err).To(BeNil())
+
+			ctrReq = &api.CreateContainerRequest{
+				Pod:       pod,
+				Container: ctr1,
+			}
+			reply, err = runtime.CreateContainer(ctx, ctrReq)
+			Expect(err).ToNot(BeNil())
+			Expect(reply).To(BeNil())
+		})
+	})
+
 	When("the default validator is enabled with some required plugins", func() {
 		const AnnotationDomain = plugin.AnnotationDomain
 		BeforeEach(func() {

plugins/default-validator/default-validator.go

@@ -33,8 +33,17 @@ import (
 type DefaultValidatorConfig struct {
 	// Enable the default validator plugin.
 	Enable bool `yaml:"enable" toml:"enable"`
-	// RejectOCIHooks fails validation if any plugin injects OCI hooks.
-	RejectOCIHooks bool `yaml:"rejectOCIHooks" toml:"reject_oci_hooks"`
+	// RejectOCIHookAdjustment fails validation if OCI hooks are adjusted.
+	RejectOCIHookAdjustment bool `yaml:"rejectOCIHookAdjustment" toml:"reject_oci_hook_adjustment"`
+	// RejectRuntimeDefaultSeccompAdjustment fails validation if a runtime default seccomp
+	// policy is adjusted.
+	RejectRuntimeDefaultSeccompAdjustment bool `yaml:"rejectRuntimeDefaultSeccompAdjustment" toml:"reject_runtime_default_seccomp_adjustment"`
+	// RejectUnconfinedSeccompAdjustment fails validation if an unconfined seccomp policy is
+	// adjusted.
+	RejectUnconfinedSeccompAdjustment bool `yaml:"rejectUnconfinedSeccompAdjustment" toml:"reject_unconfined_seccomp_adjustment"`
+	// RejectCustomSeccompAdjustment fails validation if a custom seccomp policy (aka LOCALHOST)
+	// is adjusted.
+	RejectCustomSeccompAdjustment bool `yaml:"rejectCustomSeccompAdjustment" toml:"reject_custom_seccomp_adjustment"`
 	// RequiredPlugins list globally required plugins. These must be present
 	// or otherwise validation will fail.
 	// WARNING: This is a global setting and will affect all containers. In
@@ -88,6 +97,11 @@ func (v *DefaultValidator) ValidateContainerAdjustment(ctx context.Context, req
 		return err
 	}
 
+	if err := v.validateSeccompPolicy(req); err != nil {
+		log.Errorf(ctx, "rejecting adjustment: %v", err)
+		return err
+	}
+
 	if err := v.validateRequiredPlugins(req); err != nil {
 		log.Errorf(ctx, "rejecting adjustment: %v", err)
 		return err
@@ -101,7 +115,7 @@ func (v *DefaultValidator) validateOCIHooks(req *api.ValidateContainerAdjustment
 		return nil
 	}
 
-	if !v.cfg.RejectOCIHooks {
+	if !v.cfg.RejectOCIHookAdjustment {
 		return nil
 	}
 
@@ -121,6 +135,40 @@ func (v *DefaultValidator) validateOCIHooks(req *api.ValidateContainerAdjustment
 	return fmt.Errorf("%w: %s attempted restricted OCI hook injection", ErrValidation, offender)
 }
 
+func (v *DefaultValidator) validateSeccompPolicy(req *api.ValidateContainerAdjustmentRequest) error {
+	if req.Adjust == nil {
+		return nil
+	}
+
+	owner, claimed := req.Owners.SeccompPolicyOwner(req.Container.Id)
+	if !claimed {
+		return nil
+	}
+
+	profile := req.Container.GetLinux().GetSeccompProfile()
+	switch {
+	case profile == nil || profile.GetProfileType() == api.SecurityProfile_UNCONFINED:
+		if v.cfg.RejectUnconfinedSeccompAdjustment {
+			return fmt.Errorf("%w: plugin %s attempted restricted "+
+				" unconfined seccomp policy adjustment", ErrValidation, owner)
+		}
+
+	case profile.GetProfileType() == api.SecurityProfile_RUNTIME_DEFAULT:
+		if v.cfg.RejectRuntimeDefaultSeccompAdjustment {
+			return fmt.Errorf("%w: plugin %s attempted restricted "+
+				"runtime default seccomp policy adjustment", ErrValidation, owner)
+		}
+
+	case profile.GetProfileType() == api.SecurityProfile_LOCALHOST:
+		if v.cfg.RejectCustomSeccompAdjustment {
+			return fmt.Errorf("%w: plugin %s attempted restricted "+
+				" custom seccomp policy adjustment", ErrValidation, owner)
+		}
+	}
+
+	return nil
+}
+
 func (v *DefaultValidator) validateRequiredPlugins(req *api.ValidateContainerAdjustmentRequest) error {
 	var (
 		container = req.GetContainer().GetName()