kata: don't add storage for implicit VOLUME mounts

burgerdev · burgerdev · commit 635b471ddbb5 · 2025-07-08T21:34:47.000+02:00
diff --git a/packages/by-name/kata/kata-runtime/0026-genpolicy-don-t-allow-mount-storage-for-declared-VOL.patch b/packages/by-name/kata/kata-runtime/0026-genpolicy-don-t-allow-mount-storage-for-declared-VOL.patch
@@ -0,0 +1,162 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Markus Rudy <mr@edgeless.systems>
+Date: Mon, 30 Jun 2025 11:18:47 +0200
+Subject: [PATCH] genpolicy: don't allow mount/storage for declared VOLUMEs
+
+Signed-off-by: Markus Rudy <mr@edgeless.systems>
+---
+ src/tools/genpolicy/genpolicy-settings.json  | 12 -----
+ src/tools/genpolicy/src/mount_and_storage.rs | 55 --------------------
+ src/tools/genpolicy/src/settings.rs          |  1 -
+ src/tools/genpolicy/src/yaml.rs              | 19 +++----
+ 4 files changed, 8 insertions(+), 79 deletions(-)
+
+diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
+index 4cf7504ff9d4ef42b1dec5fe39781c7ead2fb0b2..62db4a2a4d74c3593b0f5064a093a9f6de6920ea 100644
+--- a/src/tools/genpolicy/genpolicy-settings.json
++++ b/src/tools/genpolicy/genpolicy-settings.json
+@@ -206,18 +206,6 @@
+                 "rprivate",
+                 "ro"
+             ]
+-        },
+-        "image_volume": {
+-            "mount_type": "bind",
+-            "mount_source": "$(sfprefix)",
+-            "driver": "local",
+-            "source": "local",
+-            "fstype": "bind",
+-            "options": [
+-                "rbind",
+-                "rprivate",
+-                "rw"
+-            ]
+         }
+     },
+     "mount_destinations": [
+diff --git a/src/tools/genpolicy/src/mount_and_storage.rs b/src/tools/genpolicy/src/mount_and_storage.rs
+index 3e9376e77562f9e18d7160859377175e12ca783d..87de0fb6aa27284e43fa23746b379fb778005ee9 100644
+--- a/src/tools/genpolicy/src/mount_and_storage.rs
++++ b/src/tools/genpolicy/src/mount_and_storage.rs
+@@ -377,58 +377,3 @@ fn get_downward_api_mount(yaml_mount: &pod::VolumeMount, p_mounts: &mut Vec<poli
+         });
+     }
+ }
+-
+-pub fn get_image_mount_and_storage(
+-    settings: &settings::Settings,
+-    p_mounts: &mut Vec<policy::KataMount>,
+-    storages: &mut Vec<agent::Storage>,
+-    destination: &str,
+-) {
+-    // https://github.com/kubernetes/examples/blob/master/cassandra/image/Dockerfile
+-    // has a volume mount starting with two '/' characters:
+-    //
+-    // CASSANDRA_DATA=/cassandra_data
+-    // VOLUME ["/$CASSANDRA_DATA"]
+-    let mut destination_string = destination.to_string();
+-    while destination_string.contains("//") {
+-        destination_string = destination_string.replace("//", "/");
+-    }
+-    debug!("get_image_mount_and_storage: image dest = {destination}, dest = {destination_string}");
+-
+-    for mount in &mut *p_mounts {
+-        if mount.destination == destination_string {
+-            debug!(
+-                "get_image_mount_and_storage: mount {destination_string} already defined by YAML"
+-            );
+-            return;
+-        }
+-    }
+-
+-    let settings_image = &settings.volumes.image_volume;
+-    debug!(
+-        "get_image_mount_and_storage: settings for container image volumes: {:?}",
+-        settings_image
+-    );
+-
+-    storages.push(agent::Storage {
+-        driver: settings_image.driver.clone(),
+-        driver_options: Vec::new(),
+-        source: settings_image.source.clone(),
+-        fstype: settings_image.fstype.clone(),
+-        options: settings_image.options.clone(),
+-        mount_point: destination_string.clone(),
+-        fs_group: protobuf::MessageField::none(),
+-        special_fields: ::protobuf::SpecialFields::new(),
+-    });
+-
+-    let file_name = Path::new(&destination_string).file_name().unwrap();
+-    let name = OsString::from(file_name).into_string().unwrap();
+-    let source = format!("{}{name}$", &settings_image.mount_source);
+-
+-    p_mounts.push(policy::KataMount {
+-        destination: destination_string,
+-        type_: settings_image.fstype.clone(),
+-        source,
+-        options: settings_image.options.clone(),
+-    });
+-}
+diff --git a/src/tools/genpolicy/src/settings.rs b/src/tools/genpolicy/src/settings.rs
+index b7f0515d17c1607985676c178b72b48ae9e38ece..fdd69c70d05f137dcbee328e8ffe95ac9291df68 100644
+--- a/src/tools/genpolicy/src/settings.rs
++++ b/src/tools/genpolicy/src/settings.rs
+@@ -35,7 +35,6 @@ pub struct Volumes {
+     pub emptyDir_memory: EmptyDirVolume,
+     pub configMap: ConfigMapVolume,
+     pub confidential_configMap: ConfigMapVolume,
+-    pub image_volume: ImageVolume,
+ }
+ 
+ /// EmptyDir volume settings loaded from genpolicy-settings.json.
+diff --git a/src/tools/genpolicy/src/yaml.rs b/src/tools/genpolicy/src/yaml.rs
+index 938dc64437f4ff4a2b9daf969a01059f5155e50b..0c2ca5921151b385b5873c90dfe12021bde43c1f 100644
+--- a/src/tools/genpolicy/src/yaml.rs
++++ b/src/tools/genpolicy/src/yaml.rs
+@@ -27,6 +27,7 @@ use crate::volume;
+ 
+ use async_trait::async_trait;
+ use core::fmt::Debug;
++use std::collections::BTreeSet;
+ use log::debug;
+ use protocols::agent;
+ use serde::{Deserialize, Serialize};
+@@ -290,6 +291,7 @@ pub fn get_container_mounts_and_storages(
+     settings: &settings::Settings,
+     volumes_option: &Option<Vec<volume::Volume>>,
+ ) {
++    let mut mountPaths = BTreeSet::new();
+     if let Some(volumes) = volumes_option {
+         if let Some(volume_mounts) = &container.volumeMounts {
+             for volume in volumes {
+@@ -302,24 +304,19 @@ pub fn get_container_mounts_and_storages(
+                             volume,
+                             volume_mount,
+                         );
++                        mountPaths.insert(volume_mount.mountPath.clone());
+                     }
+                 }
+             }
+         }
+     }
+ 
+-    // Add storage and mount for each volume defined in the docker container image
+-    // configuration layer.
++    // Check that all VOLUME declarations have corresponding volume mounts.
+     if let Some(volumes) = &container.registry.config_layer.config.Volumes {
+-        for volume in volumes {
+-            debug!("get_container_mounts_and_storages: {:?}", &volume);
+-
+-            mount_and_storage::get_image_mount_and_storage(
+-                settings,
+-                policy_mounts,
+-                storages,
+-                volume.0,
+-            );
++        let volumePaths: BTreeSet<_> = volumes.keys().cloned().collect();
++        let uncoveredPaths: Vec<String> = volumePaths.difference(&mountPaths).cloned().collect();
++        if uncoveredPaths.len() > 0 {
++            panic!("The following volumes declared in image config don't have corresponding Kubernetes mounts: {uncoveredPaths:?}");
+         }
+     }
+ }
diff --git a/packages/by-name/kata/kata-runtime/package.nix b/packages/by-name/kata/kata-runtime/package.nix
@@ -166,6 +166,12 @@ buildGoModule (finalAttrs: {
       # This patch makes genpolicy conform to a bug in containerd that leads to ignored additional GIDs.
       # Upstream PR: https://github.com/kata-containers/kata-containers/pull/11358.
       ./0025-genpolicy-ignore-groups-with-same-name-as-user.patch
+
+      # Don't add storages for volumes declared in the image config.
+      # This fixes a security issue where the host is able to write untrusted content to paths
+      # under these volumes, by failing the policy generation if volumes without mounts are found.
+      # TODO(burgerdev): open upstream issue after disclosure.
+      ./0026-genpolicy-don-t-allow-mount-storage-for-declared-VOL.patch
     ];
   };
 
