open-nomad/client
Seth Hoenig 51a2212d3d
client: sandbox go-getter subprocess with landlock (#15328)
* client: sandbox go-getter subprocess with landlock

This PR re-implements the getter package for artifact downloads as a subprocess.

Key changes include

- On all platforms, run getter as a child process of the Nomad agent.
- On Linux platforms running as root, run the child process as the nobody user.
- On supporting Linux kernels, uses landlock for filesystem isolation (via go-landlock).
- On all platforms, restrict environment variables of the child process to a static set.
  - notably TMP/TEMP now points within the allocation's task directory
- kernel.landlock attribute is fingerprinted (version number or unavailable)

These changes make Nomad client more resilient against a faulty go-getter implementation that may panic, and more secure against bad actors attempting to use artifact downloads as a privilege escalation vector.

Adds new e2e/artifact suite for ensuring artifact downloading works.

TODO: Windows git test (need to modify the image, etc... followup PR)

* landlock: fixup items from cr

* cr: fixup tests and go.mod file
2022-12-07 16:02:25 -06:00
..
allocdir helpers: lockfree lookup of nobody user on unix systems (#14866) 2022-10-11 08:38:05 -05:00
allochealth 2 small data race fixes in logmon and check tests (#14538) 2022-09-13 12:54:06 -07:00
allocrunner client: sandbox go-getter subprocess with landlock (#15328) 2022-12-07 16:02:25 -06:00
allocwatcher test: use `T.TempDir` to create temporary test directory (#12853) 2022-05-12 11:42:40 -04:00
config client: sandbox go-getter subprocess with landlock (#15328) 2022-12-07 16:02:25 -06:00
consul Merge branch 'main' into f-1.3-boogie-nights 2022-03-23 09:41:25 +01:00
devicemanager cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
dynamicplugins build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
fingerprint client: sandbox go-getter subprocess with landlock (#15328) 2022-12-07 16:02:25 -06:00
interfaces client: sandbox go-getter subprocess with landlock (#15328) 2022-12-07 16:02:25 -06:00
lib client: ensure minimal cgroup controllers enabled (#15027) 2022-10-24 16:08:54 -05:00
logmon 2 small data race fixes in logmon and check tests (#14538) 2022-09-13 12:54:06 -07:00
pluginmanager cleanup more helper updates (#14638) 2022-09-21 14:53:25 -05:00
servers feat: remove dependency to consul/lib 2022-04-09 13:22:44 +02:00
serviceregistration Fix missing host header in http check (#15337) 2022-11-23 08:58:13 -05:00
state cleanup more helper updates (#14638) 2022-09-21 14:53:25 -05:00
stats ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
structs client: add support for checks in nomad services 2022-07-12 17:09:50 -05:00
taskenv connect: interpolate task env in config values (#14445) 2022-09-02 15:00:28 -04:00
testutil client: cgroups v2 code review followup 2022-03-24 13:40:42 -05:00
vaultclient ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
acl.go acl: correctly resolve ACL roles within client cache. (#14922) 2022-10-20 09:37:32 +02:00
acl_test.go acl: correctly resolve ACL roles within client cache. (#14922) 2022-10-20 09:37:32 +02:00
agent_endpoint.go client: fix data races in config handling (#14139) 2022-08-18 16:32:04 -07:00
agent_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
alloc_endpoint.go Task lifecycle restart (#14127) 2022-08-24 17:43:07 -04:00
alloc_endpoint_test.go Task lifecycle restart (#14127) 2022-08-24 17:43:07 -04:00
alloc_watcher_e2e_test.go job_hooks: add implicit constraint when using Consul for services. (#12602) 2022-04-20 14:09:13 +02:00
client.go client: sandbox go-getter subprocess with landlock (#15328) 2022-12-07 16:02:25 -06:00
client_stats_endpoint.go Server side impl + touch ups 2018-02-15 13:59:02 -08:00
client_stats_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_test.go api: remove `mapstructure` tags from`Port` struct (#12916) 2022-11-08 11:26:28 +01:00
csi_endpoint.go CSI: allow updates to volumes on re-registration (#12167) 2022-03-07 11:06:59 -05:00
csi_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
driver_manager_test.go client: fix data races in config handling (#14139) 2022-08-18 16:32:04 -07:00
enterprise_client_oss.go gofmt all the files 2021-10-01 10:14:28 -04:00
fingerprint_manager.go fingerprint: lengthen Vault check after seen (#14693) 2022-09-26 12:14:19 -07:00
fingerprint_manager_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
fs_endpoint.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
fs_endpoint_test.go raw_exec: make raw exec driver work with cgroups v2 2022-04-04 16:11:38 -05:00
gc.go chore: fix incorrect docstring formatting. 2021-08-30 11:08:12 +02:00
gc_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
heartbeatstop.go client: fix race in heartbeat tracker (#14119) 2022-08-16 09:41:08 -07:00
heartbeatstop_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
node_updater.go fix: batchFirstFingerprints does not update device on node after v1.3.5 (#15125) 2022-11-03 16:31:39 -05:00
rpc.go client: retry RPC call when no server is available (#15140) 2022-11-04 14:09:39 -04:00
rpc_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
testing.go client: fix data races in config handling (#14139) 2022-08-18 16:32:04 -07:00
util.go Revert "client: defensive against getting stale alloc updates" 2020-06-19 15:39:44 -04:00