►
Description
Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CRI-O: Deep Diving into the Security - Sascha Grunert, SUSE & Daniel Walsh, Red Hat
Container Runtime security is one of the most important aspects of the Kubernetes ecosystem. Runtimes have to ensure that all security constraints provided by the end-users are met on the system, as well as provide strong defaults for less experienced users. CRI-O is a container runtime that prides itself in its focus on security and safe defaults. In this talk Dan Walsh and Sascha Grunert will dive deep into CRI-O’s security principles. They will present common container workload securing practices and demonstrate how the container runtime will apply those to the target system. The talk will cover best practices in SELinux, AppArmor, seccomp, Linux capabilities and namespace isolation techniques which make Kubernetes based end-user applications more secure. At the end of the talk, they will also cover a general overview of the current status of container runtime security.
https://sched.co/ZexY
A
A
So
generally,
we
have
to
talk
a
little
bit
about
how
we
want
to
have
container
security
in
terms
of
actual
kubernetes,
and
things
like
that.
After
that,
I
would
like
to
talk
a
little
bit
about
how
we
secure
container
images
and,
for
example,
container
signing
in
container
encryption,
and
after
that
we
can
speak
about
actual
container
security
features
like
linux
capabilities,
segcomp,
selinux
and
also
app
armor.
A
A
So
basic
container
security
principles.
First
of
all,
yeah.
We
have
to
choose
the
right
amount
of
isolation
when
it
comes
to
securing
a
container
workload,
and
this
can
be
very
hard
because
we
have
to
deal
with
different
kind
of
layers
of
container
security
like
we
have
security
in
run
times
like
run
c,
and
we
have
also
security
in
terms
for
cryo,
for
example,
and
on
top
of
that,
we
also
have
to
speak
about
container
security
in
conjunction
with
kubernetes.
A
So
we
have
to
speak
about
features
like
how
to
utilize
seconds
linux
and
even
app
armor
to
make
our
workloads
more
secure
by
default.
So
this
basically
means
that
container
workloads
have
to
run
with
the
least
possible
privileges.
So,
but
this
doesn't
only
apply
to
container
to
running
containers.
It
also
applies
to
container
images,
so
they
have
to
be
secured
as
well,
and
the
container
content,
for
example,
for
example,
the
default
execution
parameters
of
the
container
images
can
be
reduced
to
reduce
the
actual
attack
surface
from
a
container
runtime.
A
So
distributing
container
images
should
also
happen
in
a
secure
fashion,
so
we
have
to
deal
with
container
encryption
and
also
container
signing,
but
what
is
actually
a
privileged
container?
So
we
have,
I
found
multiple
definitions
of
across
different
projects
like
kubernetes
and
docker,
so
privileged
containers
have
most
of
root
capabilities
on
the
host
machine,
so,
for
example,
if
we
speak
about
kubernetes,
then
the
pod
sandbox
shares
the
network
pit
and
the
ipc
namespaces
of
the
host
a
running
privileged
containers
also
disables
features
like
app
armor,
zek,
comp
and
linux
capabilities
at
all.
A
A
A
A
We
also
may
want
to
disable
the
privilege
escalation
to
forbid
that
higher
privileges
can
be
accessed
by
the
parent
browsers.
This
is
on
by
default
and
I
can
just
recommend
to
turn
it
off
and
then
we
can
also
apply
a
zaccom
profile.
The
most
container
runtimes
come
with
a
default.com
profile,
but
if
we
we
are
able
to
actually
specify
a
custom
segment
profile
for
our
workload,
then
we
can
drop
even
more
capabilities
or
can
also
drop
even
more.
A
This
calls
we
can
also
consider
adding
app
and
app
armor
or
the
linux
profile
to
the
to
the
actual
workload,
for
example
this
kind
of
overlaps
with
setcomp.
But
if
we
speak
about
app
armor,
then
we
are
able
to
yeah
limit
access
to
their
different
paths
inside
of
the
container
as
well,
and
on
top
of
that,
we
can
also
enable
root.
Only
root
file
systems
read
only
root
file
systems
from
a
pod
level.
A
It's
just
a
great
security
enhancement
as
well
and
yeah
on
and
on.
I
must
say
that
reducing
the
attack
surface
of
a
single
workload
is
more
or
less
a
try
and
error
approach,
so
we
can
not
be
sure
in
every
case
that
the
workload
still
works
as
intended.
If
we
just
drop
some
capabilities,
for
example.
A
So,
but
there
is
more
than
just
securing
the
workload,
so
we
have
different
kubernetes
features.
On
top
of
that
which
should
be
taken
into
consideration.
So,
for
example,
we
can
use
service
accounts,
cluster
roles
or
names
based
roles
and
cluster
rule
bindings
or
namespace
rule
bindings
to
strip
down
the
possibilities
the
application
has
per
default.
A
Besides
that,
we
also
have
some
other
security
hardening
possibilities
on
a
note
level
in
kubernetes,
for
example,
container
image
signing
features
and
like
enabled
image,
signing
cryo
and
enabled
image.
Encryption
in
cryo
will
reduce
that
possible
attack
surface
when
it
comes
to
man-in-the-middle
attacks,
for
example,
then
the
container
images
can
yeah
can
can
be
encrypted
as
well,
and
we
can
also
access
limited
access
to
lcd
and,
for
example,
we
can
also
encrypt
secrets
at
rest
level,
and
there
are
many
more
features
which
are
a
little
bit
out
of
scope
of
this
talk
for
now.
A
So
let's
focus
a
little
bit
on
the
cryo
perspective
from
the
cryo
container
on
time
perspective,
and
so
the
first
thing
so
container
images
signing
and
encryption
in
cryo
works
out
of
the
box.
We
added
some.
The
new
configuration
option,
which
can
be
specified
via
the
decryption
keys
path,
is
an
option
in
which
defaults
to
etc,
cryo
keys,
and
if
we
put
our
keys
into
that
directory,
then
cryo
supports
oci
image
encryption.
This
encrypted
images
are
usually
visible
via
the
media
type
plus
encrypted
and
pulling
designed.
A
A
B
A
Stick
store
will
be
used.
Signature
storage
will
be
used
when
we
actually
design
those
images,
so
they
will
be
put
in
there,
and
we
also
have
two
other
files
where
we
can
specify
container
registries
and
signature
storage
locations
which
are
served
from
an
https
endpoint
and,
for
example,
for
registry.opensuse.org.
A
We
have
specified
a
signature,
storage,
radio,
c
opensuse.org
six
store
to
enforce
a
policy
like
that.
We
can
write
a
policy
json
file.
For
example.
We
can
specify
that
in
that
json
file,
where
our
transport
docker
is
specified,
and
then
we
enforce
on
registry.opensuse.org,
add
gpg
and
encrypt
that
key
and
the
key
path
is
can
be
distributed,
for
example
by
the
distribution
itself,
and
in
our
case
it's
the
public
key
from
registry.opensuse.org
and
yeah.
If
we
now
pull
a
container
image
from
registry.opensuse.org,
then
we
can
have
a
look.
A
Have
a
look
into
the
cryologs
and,
for
example,
here
we
can
see
that
cryo
automatically
tries
to
access
the
signature,
storage
and
also
down
automatically
downloads
the
signatures
for
the
container
images
layer,
and
this
usually
works
in
a
couple
of
seconds,
and
now
we
are
done.
We
downloaded
the
image
and
yeah.
If
we,
for
example,
now
consider
removing
that
image
again
and
yeah
just
for
demonstration
purposes,
we
move
the
gpg
key
to
a
different
location,
and
then
we
try
to
pull
the
container
image
again.
A
A
A
A
Yes,
all
right,
so
now
we
get
an
error
message
that
none
of
the
signatures
were
accepted,
so
the
regular
gpg
keys
or
try.
It
doesn't
work
at
all
because
it's
not
existing,
but
even
if
the
gpg
key
is
not
valid
or
not
valid
for
our
signed
image,
then
we
would
get
a
different
or
a
similar
error
message
that
it's
not
possible
to
download
the
image
at
all.
Now,
let
me
just
move
it.
I
can
do
it
later
on.
A
So
then,
let's
talk
a
little
bit
about
running,
secure
workloads
with
cryo
and
secomp,
so
setcomp
graduated
graduated
to
general
availability
in
kubernetes
1.19,
which
should
not
well.
It
should
be
released
in
the
next
couple
of
days.
If
we
speak
about
kubecon
europe,
and
previously
this
will
be
would
be
handled
via
pod
annotations
and
from
1
19
on
we
have
a
dedicated
field
on
the
pod
security
context
or
on
the
security
context
on
the
container
level.
A
This
means
that
we
have
now
a
security
context,
then
zaccom
profile.
Then
we
can
specify
a
type
like
runtime
default
or
localhost
or
unconfined,
and
if
we
specify
localhost,
then
we
can
also
set
the
localhost
profile
to
a
local
profile.
So
those
local
profiles
will
be
looked
up
in
the
cubelet
into
the
cubelet
directory,
which
should
be
usually
wallet,
cubelet,
it's
the
cubelet
root
and
then
slash
secomp.
So
if
we
put
the
profile
into
that
directory,
then
we
can
usually
reference
them
directly
via
myprofilename.json.
A
A
Then
we
specify
our
security
context
and
our
zaccom
profile
in
our
case
runtime
default,
so
cryo
ships
a
default
con
second
profile,
which
is
included
in
the
cryo
binary
and
but
also
with
some
distributions
distributed
via
a
file
called
an
etc
container.
Second
json.
Well,
this
is
a
pretty
pretty
good
setcom
profile,
but
you
can
see.
For
example,
we
have
some.
This
calls
which
are
allowed
by
default
and
not
every
application
may
need
all
those.
This
calls
to
be
executed
in
the
in
a
normal
way,
but
let's
try
it
out.
A
Just
let's
create
our
nginx
deployment
and
the
containers
are
now
in
container,
creating
state
and
now
they
are
running
and
if
we
run
cry
ctlps
to
get
an
idea
about
which
containers
are
running.
So
we
have
both
here
and
everyone
try
ctl
inspect,
and
then
we
can
specify
the
container
id.
Then
we
can
see
that
the
whole.
A
A
A
A
B
A
So,
let's
what
other
options
do
we
have
to
actually
secure
our
workloads?
So
the
next
thing
I
would
like
to
talk
to
you
about
is
app
armor,
so
app
armor
is
still
a
better
feature
in
kubernetes,
but
we
also
try
to
also
consider
to
move
it
to
ga
very
soon,
maybe
in
120
or
121,
and
right
now
we
have
to
handle
via
pod
annotations.
A
So
we
have
to
specify
an
annotation
at
the
port
level,
which
is
called
container.app.armor.security.beta,
and
then
we
have
to
reference
the
container
name
and
the
profile
ref,
and
this
profile
ref
can
be
run
time
default.
It
can
be
also
localhost
profile,
name
like
we
do
in
seccomp,
and
then
we
can
also
set
it
to
unconfined,
which
disables
the
feature
at
all.
A
Delete
my
second
workload
and
app
armor
works
a
little
bit
different
than
zaccom,
so
app
armor
profiles
are
usually
stored
in
memory
and
to
I
created
a
profile
called
container
engine
x
and
etc,
app
rmod
and
every
profile
in
etc.
App
on
modi
will
be
automatically
loaded
if
I
boot
up
the
system
because
app
only
starts
automatically
so
this
profile
looks
like
this
and
we
can't
or
we
don't
only
have
to
can
limit
network
restrictions
to
the
to
the
actual
workload.
A
A
A
A
And
if
we
look,
we
take
another
look
at
the
profile,
then
we
can
see
that
we
can't
access
yeah,
slash
spin
there,
so
I'm
just
rooting
to
that
in
that
container.
So
I
can,
I
usually
have
root
level
access.
I
can
create
directories
like
test
and
I
can't
go
into
bin
and
create
their
directories
like
test
yeah
and
it
says
permission
delight
and
usually
the
audit
log
and
do
it
does
give
us
an
indicator.
A
Audit
log
give
us
an
indicator
about
what
actually
happened
on
the
system
and
we
can
there
we
can
see.
For
example,
there
is
an
audit
log
for
nginx
and
we
try
to
create
yeah
our
root
level
directory
test
and
this
actually
works
all
right.
So
that's
it
from
my
demo
for
app
armor
and
now
I
would
like
to
hand
over
to
dan
who
speaks
about
capabilities.
B
B
So
the
the
interesting
thing
about
containers-
and
this
this
was
sort
of
developed
by
docker
a
long
time
ago.
Is
they
figured
out
that
you
could
run
almost
all
workloads
by
default
with
you
know,
just
a
small
group
of
the
capabilities,
so
the
power
route
was
broken
into
37
different
capabilities,
but
actually
docker
sort
of
standardized
on
14
capabilities
that
it
ran
for
containers,
and
we
sort
of
you
know
latched
into
that,
and
most
container
engines
now
have
settled
on
those
14
capabilities.
B
The
the
problem
with
those
14
capabilities
is
nobody
knows
what
they
are
right.
So
it's
sort
of
you
know
you
you,
even
even
I
who
deal
with
this
a
lot.
I
couldn't
probably
answer
tests
and
get
all
14
right.
So
what
what
I
have
done
is
I've
actually
looked
and
so
here
that
here
are
the
14
capabilities
that
are
allowed
by
default
in
most
container
engines.
But
when
I
sit
down
look
at
these,
I
look,
you
know
what
is
the
history
of
some
of
these?
B
You
know
why
why
these
on
so,
for
instance,
this
one
is
audit
right
and
audit
right
his
ability
to
write
to
the
auditing
subsystem.
So
sasha
showed
you,
you
know
looking
at
app
armor
errors
in
an
audit
log.
So
this
the
auto
right
allows
you
to
modify
parts
of
the
auditing
system
to
be
able
to
manipulate
the
auditing
system.
B
B
The
next
one
I
want
to
look
at
is
make
node
so
make
node
is
a
capability
that
allows
you
to
create
device
nodes
inside
of
containers.
So
you
know,
but
again
you
know
when
we
look
at
cryo
and
kubernetes
we're
looking
at
running
containers
in
production,
and
you
really
don't
want
to
allow
containers
to
create
random
device
nodes.
B
What
we
want
is
the
container
engine
to
create
the
device
nodes
and
not
allow
them
to
just
create
random
device
nodes
on
their
own,
but
we
allow
this
by
default
and
the
reason
we
did
that
is
because
originally
people
were
doing
lots
of
installs
and
builds
and
and
certain
packages,
I
believe
from
ubuntu.
You
know
actually
created
device
nodes
during
the
installation
procedure,
and
so
really
you
know
when
we're
running
containers
of
production,
we're
not
building
container
images,
we're
not
installing
rpms
we're
you
know.
So
why
do
we
need
make
node
on
by
default?
B
The
next
one
I
want
to
talk
about
is
net
raw
and
that
rar
is
a
capability
that
allows
you
to
create
any
type
of
ip
packet,
so
tcp
icmp,
any
type
of
ip
packet
can
be
created
and
then
put
out
on
the
on
the
vpn
and
the
problem
with
this.
Is
it
really
gives
an
incredible
amount
of
power
and
and
has
led
to
some
escapes
where
people
were
able
to
break
out
of
the
virtual
private
network
by
forming
packets
in
certain
way
and
and
the
real
reason
for
net
raw
being
on
by
default?
B
Is
that
so
people
could
actually
execute
the
ping
command?
So
when
I
execute
a
ping
command,
I
created
an
icmp
packet
and
and
put
it
over.
So
when
I
went
into
a
container
I'd
want
to
create
that.
So
again,
it's
it's
an
incredibly
powerful
capability
that
really
we
don't
need
on
by
default,
especially
for
containers
in
production
and
and
the
linux
kernel
has
other
ways
of
running,
allowing
you
to
create
icmp
packets.
B
So
you
can
continue
to
ping,
so
we
actually,
you
know,
enable
that
by
default
in
cryo,
instead
of
net
raw
and
then
the
last
one
is
sister
root
and
systrood
is
a
capability
that
allows
you
to
create
a
route
inside
of
a
container.
But
you
know
a
container
is
really
kind
of
a
super
powerful
to
root.
So
why
you
know
most
people
aren't
creating
roots
inside
of
containers.
So
why
do
we
allow
that
by
default?
B
So
so
when
in
cryo,
what
we've
done
is
we've
looked
at
this
original
list
and
we
basically
said:
let's,
let's
get
rid
of
some
of
these
ones
that
are
less
less
necessary
and
and
we're
able
to
run
almost
all
of
our
containers
without
these
four
capabilities.
So
we
can
drop
down
to
you
know
just
basically
nine
or
ten
capabilities
that
we
run
by
default
for
our
containers
when
you're
running
it
as
root
the
next
thing
and
obviously-
and
you
know
if
capabilities
are
fully
available
inside
of
kubernetes.
B
So
if
you
do
find
a
container
that
needs
additional
capabilities
or
something
that's
not
allowed
by
default,
then
you
can,
you
know,
add
those
capabilities
through
your
your
kubernetes
yaml
file.
So
you
know
we
can
override
those.
If,
if
you
need
them,
but
really
you
know
at
base
level,
we
want
to
run
everything
as
as
tightly
as
possible
from
a
container
point
of
view.
B
The
external
part
of
the
container,
but
the
really
great
thing
about
sc
linux
is
that
just
about
every
type
of
file
system
breakout
when
the
process
is
able
to
break
out
of
the
container
and
get
to
the
host
or
attack.
Other
containers
has
been
blocked
by
sc
linux
out
of
the
box,
so
quickly
people,
you
know,
tend
not
to
really
understand
what
sc
linux
is
and
a
few
years
ago
I
wrote
a
coloring
book
on
that
and
I'll
just
go
through
it
real,
quick
and
try
to
sort
of
explain.
B
B
So
every
object
every
you
know,
directory
file
system.
Everything
on
the
system
is,
is
labeled,
you
know
with
you
know,
a
label,
and
basically
we
have
label
is
cat
food
and
we
label
it.
One
is
dog
food
and
then
we
write
rules
into
the
lace
kernel
that
basically
says
allow
a
cat
process
to
eat
cat
food
and
allow
a
dog
process
to
eat
dog
food,
and
the
basic
idea
here
is
that
everything
that
isn't
allowed
is
denied,
and
this
is
really
exactly
what
an
esee
linux
rule
looks
like
when
ridden
to
the
container.
B
If
that
content
is
labeled
as
container
content
or
container
files,
then
it
will
be
blocked
by
default
and
that's
how
essie
linux
is
blocking.
All
the
you
know,
potential
escapes
of
file
system
escapes
and
in
containers,
so
those
are
sort
of
the
hard-coded
built-in
tools
that
we
talked
about
your
setcomp
capabilities,
se,
linux
and
app
armor,
and
some
of
the
other
features
that
sasha
talked
well.
B
So
what
happens?
If
you
need
root
inside
of
a
container,
you
know
and
what
happens
if
you
need
more
than
one
uid
and
some
use
cases
where
this
becomes
important?
Is
things
like
building
container
images,
so
most
people
that
do
builds
inside
of
kubernetes
right
now
need
to
have
root
or
need
to
have
multiple
uids
inside
of
the
container,
so
they
end
up
having
to
run
privileged
containers
or
they
end
up
having
to
do
things
like
leak,
the
docker
socket
or
some
other
container
engine
socket
in
and
basically
break
break
out
of
confinement.
B
B
Pull
request
is
to
allow
us
to
basically
run
different
containers,
different
workloads
that
require
root
or
multiple
uids,
to
be
able
to
run
as
root
inside
of
the
container,
but
if
they
break
out
they're
treated
as
like
non-root
on
the
rest
of
the
system,
and
we've
enabled
that
from
the
top
you
know
from
the
highest
level
you
know
in
in
cryo
all
the
way
down
to
container
storage
and
with
handling
some
of
the
re-labels
and
images.
So
this
is
a
really
cool
feature.
That's
going
to
be
coming
very
soon
to
cryosystems.
A
B
So
one
of
the
questions
earlier
was
talking
about
basically
talking
about
an
exploit
loud
because
of
cape
cap.
Make
node-
and
I
you
know
said
in
the
talk
cap-
make
node
should
really
be
turned
off
by
default.
Is
there's
almost
no
reason
for
that
to
be
on,
and
if
you
need
additional
capabilities
for
your
containers,
then
you
can
specify
that
in
the
kubernetes
gmo
file.
B
B
B
B
A
One
question
is:
what
is
the
relationship
between
docker
and
cryo?
So
does
it
work
as
the
same
as
an
as
it
does
in
potmen,
yeah,
cryo
and
potman
share
common
source
code
and
dedicated
libraries,
so
all
security
patterns
which
apply
to
potman
should
also
apply
to
cryo,
and
there
is
not
that
big
relationship
to
docker
anymore,
but,
for
example,
if
we
look
at
a
default
second
profile,
then
we
can
just
say
that
historically,
it
has
been
inherited
by
docker.
Yes,
that's
it's
a
historical
relationship.
B
Yeah,
the
main
comparison
between
docker
and
and
cryo
is
around
container
engine
container
images,
so
grio
and
darker
both
support,
what's
called
oci
images,
and
so,
if
the
input
so
anything
that
exists
at
any
container
registry,
you
know
dr
io
quay
dot.
Io
auto
factory
is
supported
because
there's
a
standard
around
one
of
the
container
images
and
also
the
way
we
launch
containers.
We
also
use
a
standard
called
the
oci
runtime
specification.
B
I
am
both
using
right
now
run
c
for
launching
containers.
So
the
way
you
the
containers
on
the
input
and
the
containers
on
you
know
when
you
execute
them,
are
both
run
the
same
exact
way
between
docker
and
cryo.
So
therefore
they
can
support
all
of
the
same
content
and
podman
as
well.
We've
just
been
notified
that
we're
running
out
of
time.
Now
we
will
be
available
on
the
slack
channel
to
answer
any
other
questions
that
people
have
or
if
we
didn't
get
to
a
question
here,
just
ask
it
on
the
slack
channel.