Your message dated Fri, 22 Aug 2025 14:00:53 -0700
with message-id
<CAHnKnK0LpEyOtRnTFcVK3Z1+Efsn6Tt_cqLd=9sutlmy4rx...@mail.gmail.com>
and subject line Re: Bug#1111831: docker.io: running some containers changes
the host system (isolation failure)
has caused the Debian Bug report #1111831,
regarding docker.io: running some containers changes the host system (isolation
failure)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111831
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: docker.io
Version: 26.1.5+dfsg1-9+b9
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
I acquired the image quay.io/ansible-community/test-image:debian-13-trixie
which is basically a trixie with some things preinstalled so it can be used
for testing Ansible collections.
When I run the latter…
$ ansible-test integration --docker
quay.io/ansible-community/test-image:debian-13-trixie --python 3.13
--docker-privileged -v $mytestname
… I get messages from the systemd running inside the image (!) in my host
kernel log (dmesg) (!), and it switches X11 off temporarily (!!!!).
I probably need to explain the latter. I normally log in on the emulated
text console, then do things like start the network (select the WLAN to
use), then run “exec startx”. This makes it so that when I press Ctrl-Alt-F2
it switches to the second text console, and Ctrl-Alt-F1 switches back to
the first one which X11 is now overlaying (used to be that startx runs the
X server on Ctrl-Alt-F7 instead and Ctrl-Alt-F1 showed the X server’s output).
When I start these tests, the text console “below” the X server is shown.
I switch to Ctrl-Alt-F2 and back to Ctrl-Alt-F1 and get my X session back,
but this is… majorly confusing.
If I run…
$ docker run --privileged --rm -it
quay.io/ansible-community/test-image:debian-13-trixie
… I get more systemd logs in my host syslog, even about things like it
changing sysctls like kernel.core_pattern.
I’m not sure what the exact amount of bleed-through (isolation failure) is,
as I’m not normally a Docker user and no kernel or container expert, but
this is definitely something someone ought to look into. If it’s not an
exploitable issue (other than syslog/klog spoofing), feel free to downgrade
severity.
FWIW, without --privileged I just get…
| Failed to set RLIMIT_CORE: Operation not permitted
| Failed to mount tmpfs (type tmpfs) on /run (MS_NOSUID|MS_NODEV|MS_STRICTATIME
"mode=0755,size=20%,nr_inodes=800k"): Operation not permitted
| [!!!!!!] Failed to mount API filesystems.
| Exiting PID 1...
… but in my (admittedly limited) exposure to Docker on buster/bullseye
I’ve never seen things like that happen even with it.
-- System Information:
Debian Release: 13.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.41+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages docker.io depends on:
ii adduser 3.152
ii containerd 1.7.24~ds1-6+b4
ii init-system-helpers 1.68
ii iptables 1.8.11-2
ii libc6 2.41-12
ii libsystemd0 257.7-1
ii runc 1.1.15+ds1-2+b4
ii sysvinit-utils 3.14-4
ii tini 0.19.0-3+b3
Versions of packages docker.io recommends:
pn apparmor <none>
ii ca-bundle [ca-certificates] 20190604
pn dbus-user-session <none>
ii docker-cli 26.1.5+dfsg1-9+b9
ii git 1:2.47.2-0.2
ii needrestart 3.11-1
ii xz-utils 5.8.1-1
Versions of packages docker.io suggests:
pn aufs-tools <none>
pn btrfs-progs <none>
pn cgroupfs-mount <none>
pn debootstrap <none>
pn docker-doc <none>
ii e2fsprogs 1.47.2-3+b3
pn rinse <none>
pn rootlesskit <none>
pn xfsprogs <none>
pn zfs-fuse | zfsutils-linux <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
On Fri, 22 Aug 2025 at 08:53, Thorsten Glaser <[email protected]> wrote:
> I acquired the image quay.io/ansible-community/test-image:debian-13-trixie
> which is basically a trixie with some things preinstalled so it can be used
> for testing Ansible collections.
>
> When I run the latter…
>
> $ ansible-test integration --docker
> quay.io/ansible-community/test-image:debian-13-trixie --python 3.13
> --docker-privileged -v $mytestname
>
> … I get messages from the systemd running inside the image (!) in my host
> kernel log (dmesg) (!), and it switches X11 off temporarily (!!!!).
>
> I probably need to explain the latter. I normally log in on the emulated
> text console, then do things like start the network (select the WLAN to
> use), then run “exec startx”. This makes it so that when I press Ctrl-Alt-F2
> it switches to the second text console, and Ctrl-Alt-F1 switches back to
> the first one which X11 is now overlaying (used to be that startx runs the
> X server on Ctrl-Alt-F7 instead and Ctrl-Alt-F1 showed the X server’s output).
>
> When I start these tests, the text console “below” the X server is shown.
> I switch to Ctrl-Alt-F2 and back to Ctrl-Alt-F1 and get my X session back,
> but this is… majorly confusing.
>
> If I run…
>
> $ docker run --privileged --rm -it
> quay.io/ansible-community/test-image:debian-13-trixie
>
> … I get more systemd logs in my host syslog, even about things like it
> changing sysctls like kernel.core_pattern.
>
> I’m not sure what the exact amount of bleed-through (isolation failure) is,
> as I’m not normally a Docker user and no kernel or container expert, but
> this is definitely something someone ought to look into. If it’s not an
> exploitable issue (other than syslog/klog spoofing), feel free to downgrade
> severity.
>
> FWIW, without --privileged I just get…
>
> | Failed to set RLIMIT_CORE: Operation not permitted
> | Failed to mount tmpfs (type tmpfs) on /run
> (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=0755,size=20%,nr_inodes=800k"):
> Operation not permitted
> | [!!!!!!] Failed to mount API filesystems.
> | Exiting PID 1...
>
> … but in my (admittedly limited) exposure to Docker on buster/bullseye
> I’ve never seen things like that happen even with it.
While unfortunate, this is definitely "working as designed" -- the way
I'd describe the "--privileged" flag you're using in this context is
"please, Docker, remove ALL security/isolation" and as such it's not
only expected that the container can muck with the host, but a core
feature / the core purpose of the flag.
See also
https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities:
> The --privileged flag gives all capabilities to the container. When the
> operator executes docker run --privileged, Docker enables access to all
> devices on the host, and reconfigures AppArmor or SELinux to allow the
> container nearly all the same access to the host as processes running outside
> containers on the host. Use this flag with caution.
You very, very certainly want a more specific set of "--cap-add" and
"--device" flags if you want even a semblance of security in your
deployment.
♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
--- End Message ---
