rkt driver disabling of signature validation is too broad #2026

Closed
blalor opened this issue Nov 23, 2016 · 6 comments

blalor commented Nov 23, 2016

Nomad v0.5.0
rkt Version: 1.19.0

If a task's trust_prefix is not specified, the rkt driver adds --insecure-options=all to the run command. This is very broad and disables many capabilities that probably aren't intended. From rkt run --help:

      --insecure-options=none		comma-separated list of security features to disable. Allowed values: "none", "image", "tls", "ondisk", "http", "pubkey", "capabilities", "paths", "seccomp", "all-fetch", "all-run", "all"

The various options are documented here.
seccomp and capabilities should not be disabled when trust is not enabled.

blalor commented Nov 24, 2016

Unless someone beats me to this, I think I can tackle the fix. I'm considering exposing more of the rkt cli arguments to the driver, beyond the scope of this particular issue. But for this issue, I'm thinking the following might work well:

      config {
          image = "example.com/base/go-server:3cfc9529-55"
          insecure_options = ["image","ondisk"]
      }

The insecure_options would be orthogonal to any trust settings, which opens the door to allowing the operator to manage trust outside of Nomad, but would require the author of the jobspec to specify the appropriate options.
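
Added example, not part of the thread and not Nomad's code: a Go program contrasting the reported behaviour with the proposal above, where the flag is built only from an explicit `insecure_options` list. The names `legacyArg` and `insecureArg` are hypothetical, and treating `all-run` and `all` as covering seccomp and capabilities is an assumption of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Allowed values, copied from the `rkt run --help` text quoted in the issue.
var allowed = map[string]bool{"none": true, "image": true, "tls": true, "ondisk": true, "http": true, "pubkey": true,
	"capabilities": true, "paths": true, "seccomp": true, "all-fetch": true, "all-run": true, "all": true}

// Values that turn off seccomp or capability restrictions. Counting the aggregates
// "all-run" and "all" as covering both is an assumption of this example.
var weakensIsolation = map[string]bool{"seccomp": true, "capabilities": true, "all-run": true, "all": true}

// legacyArg reproduces the reported behaviour: no trust_prefix disables everything.
func legacyArg(trustPrefix string) string {
	if trustPrefix == "" {
		return "--insecure-options=all"
	}
	return ""
}

// insecureArg (hypothetical helper) builds the flag only from an explicit
// insecure_options list, independent of any trust setting. It rejects unknown
// values and reports the entries that weaken run-time isolation.
func insecureArg(opts []string) (arg string, flagged []string, err error) {
	for _, o := range opts {
		if !allowed[o] {
			return "", nil, fmt.Errorf("insecure_options: unknown value %q", o)
		}
		if weakensIsolation[o] {
			flagged = append(flagged, o)
		}
	}
	if len(opts) == 0 {
		return "", nil, nil // nothing disabled: no flag is passed to rkt
	}
	return "--insecure-options=" + strings.Join(opts, ","), flagged, nil
}

func main() {
	arg, flagged, err := insecureArg([]string{"image", "ondisk"}) // list from the proposal
	fmt.Println(legacyArg(""), "|", arg, flagged, err)
}
```

A driver could log or refuse the `flagged` entries so that a jobspec disabling seccomp or capabilities is a visible, deliberate choice.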

dadgar commented Nov 28, 2016

@blalor Sounds good! Love to see some community love for the Rkt driver!

blalor commented Nov 28, 2016

Somewhat orthogonal to this specific issue, are there guidelines on changing the schema of a driver's config? Trying to think ahead about the consequences of adding or removing struct fields, or worst-case, what happens if a field changes type.

dadgar commented Nov 28, 2016

Additions are fine to the schema. With renames a compatibility layer should be added for a release. Deletions are BC and need to be more carefully considered.

tgross commented Dec 20, 2019

Doing some issue cleanup... this issue was fixed by #2695. (And in any event rkt is deprecated at this point!)

tgross closed this as completed Dec 20, 2019

github-actions bot locked as resolved and limited conversation to collaborators Nov 15, 2022