The container runs a local host server for use in a browser and is untrusted for development reasons. It needs to be treated as an advanced black hat. Its primary goal is recon and sending critical information via advanced connectionless protocols of unknown type. While extremely unlikely, it should be assumed to have access to proprietary systems and keys such as Intel ME and a UEFI shim of some sort. It may also use an otherwise trusted connection such as common git host, CDN, or DNS to communicate. It tries to access everything possible, key logger, desktop GUI, kernel logs, everything.
What is the Occam’s Razor of solutions that best fit the constraints in your opinion? Other than the current solution of air gap.
You must log in or # to comment.
Put it in a VM and firewall it off? Including the hypervisor, if you think it’d be capable of a VM escape.
Distrobox is design to be the opposite of confined. Its goal is integration. The container is stripped away as much as possible to allow for sharing host resources.
As it says on the Distrobox website:
Security implications
Isolation and sandboxing are not the main aims of the project, on the contrary it aims to tightly integrate the container with the host. The container will have complete access to your home, pen drive, and so on, so do not expect it to be highly sandboxed like a plain docker/podman container or a Flatpak.
I would also argue calling “plain docker/podman container or a Flatpak” being “highly sandboxed” is also quite wrong and a misuse of those technology.
It uses Docker/Podman which is not a security sandbox. The purpose is app containers, not a security boundary. It shares the sane kernel as the host, which makes kernel vulnerabilities a source of container escapes. Docker (the default) runs as root and could be a source of privilege escalation. Best case is use gVisor or SELinux. Still not a secure sandbox.
Similar problems with Flatpak. Not a secure sandbox. Doesn’t filter syscalls, barely reduces attack surface, granting frequently required permissions often significantly reduces the strength of the sandbox, shares a kernel with the host (and no application kernel like gVisor or sydbox), weak use MAC (like SELinux). Most of this can also be said of the previous 2 container software (and also LXC/LXD/Incus).
Also, don’t use browsers with Flatpak, they have a significantly weaker sandbox because it is missing a layer of sandboxing (namespaces). This makes attack exponential more likely by reducing the need chain another major vulnerability to execute a successful sandbox break.
What you want is a VM. It is designed to be a secure sandbox but needs some configuring.
Flatpak sandboxing uses bubblewrap, which uses seccomp and can filter syscalls.
LXD/Incus can run qemu-kvm virtual machines in addition to containers. In fact, I like the security posture of LXD/Incus better here because they use cgroups, namespaces, seccomp, to sandbox the qemu process, which libvirt also does but proxmox does not.
Yes, I understand Flatpak does some seccomp syscall filtering. It still isn’t enough to consider a secure sandbox where the threat model is that the app is untrusted. Bubblewrap is generally considered a weak sandbox and isn’t “secure by default”, allowing for easy footguns.
LXC/Incus does support proper VMs but it isnt as common.
Neither are really designed to run untrusted apps.
Thanks for your reply. The point here is not about the merits of distrobox for security. This is a constraint that is not easily changed. It is only an element present, not an implementation of sandboxing.
I am looking for the best method that is hopefully less complicated than a systemwide SELinux policy plus Pam and Groups.
If anything, the distrobox is an added issue due to the nobody user.
I guess I just don’t understand your question. Explain in more detail.
- Who is the threat actor? (State, APT, Hackivist, etc)
- What is their goal (what do they want)? (Money, data, persistent access, blackmail)
- What tools do they have?
Really think about the Ws (who, what, where, when, how).
If you want to protect against an “advanced” threat actor, you can not do that without multiple layers of isolation, including but not limited to virtualization, MAC (SELinux), namespaces, seccomp.
All protections are meaningless without a clear understanding of what assets you are protecting, the threat you face, and they want from you.
