Skip to content

Commit 3dccfc1

Browse files
docs: add runtime prerequisites and AppArmor compatibility notes for hardened mode
1 parent d9607b3 commit 3dccfc1

1 file changed

Lines changed: 18 additions & 5 deletions

File tree

docs/deployment-modes.md

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -58,9 +58,22 @@ csc run contract.json policy.yaml \
5858
### Requirements
5959

6060
- Linux only (rejects other platforms at startup)
61-
- `bwrap`, `setpriv`, `prlimit` must be on PATH
62-
- Receipt signing is mandatory (`--sign --signing-key --key-id`)
63-
- Container should be started with `--network=none` for host-level isolation
61+
- `bwrap`, `setpriv`, and `prlimit` must be on `PATH`
62+
- Receipt signing is mandatory in hardened mode (`--sign --signing-key --key-id`)
63+
- For the tested containerized deployment shape, the outer container should be started with `--network=none` as host-level defense in depth
64+
65+
### Runtime Prerequisites
66+
67+
Hardened mode requires a **compatible Linux runtime**. Not all Linux environments support the namespace operations that bubblewrap requires.
68+
69+
- **User namespaces** must be available to the runtime
70+
- **Some Ubuntu/AppArmor-restricted environments** may block `bwrap --unshare-net` with errors such as `RTM_NEWADDR: Operation not permitted`
71+
- **Restrictive seccomp profiles** may prevent namespace creation
72+
- **Container runtimes** must allow the namespace features bubblewrap uses; not all Docker/Podman configurations do so by default
73+
74+
If `bwrap --unshare-net` is blocked by the host or runtime, that environment is **not currently supported** for hardened mode.
75+
76+
The shipped Docker image and CI workflow document the tested configuration. Deployments outside that configuration require operator verification.
6477

6578
### What It Provides
6679

@@ -147,7 +160,7 @@ The pilot claim is bounded: **Linux, filesystem-bounded local/CI execution, no n
147160

148161
### Container runtime dependency
149162

150-
bubblewrap requires the host/container runtime to support the namespace features it uses. Restrictive seccomp profiles or disabled user namespaces can prevent bwrap from functioning. The hardened pilot is tested against the shipped container image only.
163+
bubblewrap requires the host/container runtime to support the namespace features it uses. Some Ubuntu/AppArmor-restricted environments, restrictive seccomp profiles, or disabled user namespaces can prevent bwrap from functioning. If `bwrap --unshare-net` fails, that environment is not supported for hardened mode. The hardened pilot is tested against the shipped container image and CI workflow only.
151164

152165
### Approval replay prevention is process-local
153166

@@ -161,4 +174,4 @@ A signed receipt proves integrity and signer identity. It does not by itself pro
161174

162175
> CSC hardened mode is safe enough for bounded production use in Linux-based, filesystem-bounded local/CI execution workflows without network access, under the documented trust assumptions and deployment constraints.
163176
164-
This claim applies only to the tested container image running in hardened mode with `--network=none`. It does not extend to arbitrary Linux hosts, other operating systems, or deployment configurations not covered by the integration test suite.
177+
This claim applies only to the tested container image and CI workflow configuration. It does not extend to arbitrary Linux hosts, other operating systems, or deployment configurations not covered by the integration test suite.

0 commit comments

Comments
 (0)