fix(podman): harden sandbox callbacks#2111
Conversation
|
/ok to test 74eb820 |
| const VOLUME_PREFIX: &str = "openshell-sandbox-"; | ||
|
|
||
| /// Secret name prefix for per-sandbox gateway JWTs. | ||
| const TOKEN_SECRET_PREFIX: &str = "openshell-token-"; |
There was a problem hiding this comment.
Do secret names allow "namespacing"? (i.e. would something like token.openshell/ be valid)?
| pub gateway_tls_enabled: bool, | ||
| /// Whether gateway callbacks are protected by an auth mechanism. | ||
| #[serde(skip)] | ||
| pub gateway_callback_auth_enabled: bool, |
There was a problem hiding this comment.
nit: I would assume that these gateway-specific properties are shared across other drivers. Does it make sense to embed them in a struct?
| uid: 0, | ||
| gid: 0, |
There was a problem hiding this comment.
UID=0 and GID=0 are the defaults. Also, does this need to be readable by any other users? (we only specified ro when this was handled as a mount).
|
@maxamillion, is the use of Podman secrets separate from the callback changes? If so, could we pull the secret changes into a separate PR? They independently fix the containerized gateway token-path problem, while the callback changes affect broader behavior—for example, automatically selecting a host interface and exposing the full gateway service on the additional listener. Separating them would make both changes easier to review and test. |
|
@elezar yes, but that change is also related to fixes for issue ticket I referenced so I wasn't sure if I should break it out or leave them combined. I'm happy to split them if preferred. |
I definitely have some thoughts on the callback changes, but don't want to block the secret changes on those, so splitting them out may be cleaner. |
Pass gateway bind, TLS, and client certificate auth context into the Podman driver so rootless pasta callbacks use only bindability-checked listener addresses. Require TLS client certificate authentication before enabling the automatic non-loopback callback listener. Gateway JWT and OIDC alone do not protect the full listener surface exposed on host interfaces. Update callback listener tests and documentation to reflect the tightened protection boundary. Signed-off-by: Adam Miller <admiller@redhat.com>
74eb820 to
411fc1f
Compare
Summary
Fix Podman sandbox callbacks for containerized and rootless pasta deployments. Sandbox JWTs now use Podman secrets instead of host bind-mounted token files, and loopback-bound host gateways can add a protected callback listener for rootless pasta without binding the primary listener to every interface.
Related Issue
Fixes #1909
Changes
Testing
mise run pre-commitpassescargo test -p openshell-driver-podman --lib gateway_bind_address -- --nocapturecargo test -p openshell-server --lib rpm_default_config_parses_and_has_podman_defaultscargo test -p openshell-server podman_auto_callback_listener -- --nocapturecargo test -p openshell-server driver_config -- --nocapturepackit srpmandmock -r fedora-44-x86_64ttl.sh/openshell-gateway:devandttl.sh/openshell-supervisor:devChecklist