Skip to content

Commit cafc273

Browse files
committed
Add documentation on default AppArmor profile.
1 parent 44b33e3 commit cafc273

2 files changed

Lines changed: 14 additions & 1 deletion

File tree

.vscode/settings.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,33 +3,41 @@
33
"aarch",
44
"cgroupfs",
55
"cgroupfs's",
6+
"chroots",
67
"codeeval",
78
"CREAT",
9+
"Dangerzone's",
810
"directfs",
911
"EGID",
1012
"esac",
1113
"EUID",
14+
"filesystems",
1215
"flac",
1316
"followlinks",
1417
"getegid",
1518
"geteuid",
1619
"getpid",
1720
"gotmp",
21+
"Lockdown",
1822
"maxsplit",
1923
"mountinfo",
2024
"newcgroup",
2125
"preexec",
2226
"procs",
2327
"Protip",
28+
"ptrace",
2429
"pydantic",
2530
"rbind",
2631
"RDWR",
2732
"sandboxing",
33+
"selftest",
2834
"SHLVL",
35+
"subcontainers",
2936
"subfile",
3037
"subfiles",
3138
"syscall",
3239
"UNSTARTED",
33-
"urandom"
40+
"urandom",
41+
"webui"
3442
]
3543
}

docs/setup.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,10 @@ The below is the minimal subset of changes that `--privileged=true` does that is
5252
* On **Docker**: Add `--mount=type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false` to `docker run`.
5353
* On **Kubernetes**: Add a [`hostPath` volume](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) with `path` set to `/sys/fs/cgroup`, then mount it in your container's `volumeMounts` with options `mountPath` set to `/sys/fs/cgroup` and `readOnly` set to `false`.
5454
* **Why**: This is needed so that gVisor can create child [cgroups](https://en.wikipedia.org/wiki/Cgroups), necessary to enforce per-sandbox resource usage limits.
55+
* Remove the container's default **AppArmor profile**:
56+
* On **Docker**: Add `--security-opt=apparmor=unconfined` to `docker run`.
57+
* On **Kubernetes**: Set [`spec.securityContext.appArmorProfile.type`](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-apparmor-profile-for-a-container) to `Unconfined`.
58+
* **Why**: By default, the capability to `mount` filesystems are blocked by the [container runtime's default AppArmor profile](https://github.com/moby/moby/blob/96ea6e0f9bed4b6936f4b266b207100812aec0b7/profiles/apparmor/template.go#L45). In order to sandbox itself, gVisor uses [`pivot_root(2)`](https://www.man7.org/linux/man-pages/man2/pivot_root.2.html)s to restrict its own view of the filesystem. For this to work, it needs a minimal set of mounted filesystems to exist in that view, hence needing to `mount` them there.
5559
* **Set the `container_engine_t` SELinux label**:
5660
* On **Docker**: Add `--security-opt=label=type:container_engine_t` to `docker run`.
5761
* On **Kubernetes**: Set [`spec.securityContext.seLinuxOptions.type`](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#assign-selinux-labels-to-a-container) to `container_engine_t`.
@@ -70,6 +74,7 @@ For example, here is a Docker invocation running the `run_code.py` script inside
7074
$ git clone https://github.com/EtiennePerot/open-webui-code-execution && \
7175
docker run --rm \
7276
--security-opt=seccomp=unconfined \
77+
--security-opt=apparmor=unconfined \
7378
--security-opt=label=type:container_engine_t \
7479
--mount=type=bind,source="$(pwd)/open-webui-code-execution",target=/selftest \
7580
ghcr.io/open-webui/open-webui:main \

0 commit comments

Comments
 (0)