Update Network Permissions At Runtime (#1528)

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Add a runtime API to update a sandbox’s network permissions without
restart. Supports blocking all egress or setting an allowlist; exposed
ports remain accessible.

- **New Features**
- PodService: SandboxUpdateNetworkPermissions (gRPC + HTTP POST
/pods/{containerId}/network/update).
- Worker: ContainerSandboxUpdateNetworkPermissions applies new
iptables/IPv6 rules in place.
- Python SDK: sandbox.update_network_permissions(block_network,
allow_list).
  - Updated OpenAPI, protos, gateway, and container client.

<sup>Written for commit 8ab7e1f.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Author: cooper-grc

docs/openapi/pod.swagger.json

@@ -535,6 +535,44 @@
         ]
       }
     },
+    "/pods/{containerId}/network/update": {
+      "post": {
+        "operationId": "PodService_SandboxUpdateNetworkPermissions",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/podPodSandboxUpdateNetworkPermissionsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "containerId",
+            "in": "path",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/PodServiceSandboxUpdateNetworkPermissionsBody"
+            }
+          }
+        ],
+        "tags": [
+          "PodService"
+        ]
+      }
+    },
     "/pods/{containerId}/ports/expose": {
       "post": {
         "operationId": "PodService_SandboxExposePort",
@@ -916,6 +954,23 @@
         }
       }
     },
+    "PodServiceSandboxUpdateNetworkPermissionsBody": {
+      "type": "object",
+      "properties": {
+        "stubId": {
+          "type": "string"
+        },
+        "blockNetwork": {
+          "type": "boolean"
+        },
+        "allowList": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "PodServiceSandboxUpdateTTLBody": {
       "type": "object",
       "properties": {
@@ -1277,6 +1332,17 @@
         }
       }
     },
+    "podPodSandboxUpdateNetworkPermissionsResponse": {
+      "type": "object",
+      "properties": {
+        "ok": {
+          "type": "boolean"
+        },
+        "errorMsg": {
+          "type": "string"
+        }
+      }
+    },
     "podPodSandboxUpdateTTLResponse": {
       "type": "object",
       "properties": {

pkg/abstractions/pod/pod.proto

@@ -101,6 +101,13 @@ service PodService {
       body : "*"
     };
   }
+  rpc SandboxUpdateNetworkPermissions(PodSandboxUpdateNetworkPermissionsRequest)
+      returns (PodSandboxUpdateNetworkPermissionsResponse) {
+    option (google.api.http) = {
+      post : "/pods/{container_id}/network/update"
+      body : "*"
+    };
+  }
   rpc SandboxReplaceInFiles(PodSandboxReplaceInFilesRequest)
       returns (PodSandboxReplaceInFilesResponse) {
     option (google.api.http) = {
@@ -333,6 +340,18 @@ message PodSandboxExposePortResponse {
   string error_msg = 3;
 }
 
+message PodSandboxUpdateNetworkPermissionsRequest {
+  string container_id = 1;
+  string stub_id = 2;
+  bool block_network = 3;
+  repeated string allow_list = 4;
+}
+
+message PodSandboxUpdateNetworkPermissionsResponse {
+  bool ok = 1;
+  string error_msg = 2;
+}
+
 message PodSandboxFindInFilesRequest {
   string container_id = 1;
   string container_path = 2;

pkg/abstractions/pod/sandbox.go

@@ -346,6 +346,31 @@ func (s *GenericPodService) SandboxExposePort(ctx context.Context, in *pb.PodSan
 	}, nil
 }
 
+func (s *GenericPodService) SandboxUpdateNetworkPermissions(ctx context.Context, in *pb.PodSandboxUpdateNetworkPermissionsRequest) (*pb.PodSandboxUpdateNetworkPermissionsResponse, error) {
+	authInfo, _ := auth.AuthInfoFromContext(ctx)
+
+	client, _, err := s.getClient(ctx, in.ContainerId, authInfo.Token.Key, authInfo.Workspace.ExternalId)
+	if err != nil {
+		return &pb.PodSandboxUpdateNetworkPermissionsResponse{
+			Ok:       false,
+			ErrorMsg: "Failed to connect to sandbox",
+		}, nil
+	}
+
+	resp, err := client.SandboxUpdateNetworkPermissions(in.ContainerId, in.BlockNetwork, in.AllowList)
+	if err != nil {
+		return &pb.PodSandboxUpdateNetworkPermissionsResponse{
+			Ok:       false,
+			ErrorMsg: "Failed to update network permissions",
+		}, nil
+	}
+
+	return &pb.PodSandboxUpdateNetworkPermissionsResponse{
+		Ok:       resp.Ok,
+		ErrorMsg: resp.ErrorMsg,
+	}, nil
+}
+
 func (s *GenericPodService) SandboxStatFile(ctx context.Context, in *pb.PodSandboxStatFileRequest) (*pb.PodSandboxStatFileResponse, error) {
 	authInfo, _ := auth.AuthInfoFromContext(ctx)
 

pkg/common/container_client.go

@@ -233,6 +233,18 @@ func (c *ContainerClient) SandboxExposePort(containerId string, port int32) (*pb
 	return resp, nil
 }
 
+func (c *ContainerClient) SandboxUpdateNetworkPermissions(containerId string, blockNetwork bool, allowList []string) (*pb.ContainerSandboxUpdateNetworkPermissionsResponse, error) {
+	resp, err := c.client.ContainerSandboxUpdateNetworkPermissions(context.TODO(), &pb.ContainerSandboxUpdateNetworkPermissionsRequest{
+		ContainerId:  containerId,
+		BlockNetwork: blockNetwork,
+		AllowList:    allowList,
+	})
+	if err != nil {
+		return resp, err
+	}
+	return resp, nil
+}
+
 func (c *ContainerClient) Kill(containerId string) (*pb.ContainerKillResponse, error) {
 	resp, err := c.client.ContainerKill(context.TODO(), &pb.ContainerKillRequest{ContainerId: containerId})
 	if err != nil {

pkg/worker/container_server.go

@@ -1022,6 +1022,35 @@ func (s *ContainerRuntimeServer) ContainerSandboxExposePort(ctx context.Context,
 	return &pb.ContainerSandboxExposePortResponse{Ok: setAddressMapResponse.Ok}, err
 }
 
+func (s *ContainerRuntimeServer) ContainerSandboxUpdateNetworkPermissions(ctx context.Context, in *pb.ContainerSandboxUpdateNetworkPermissionsRequest) (*pb.ContainerSandboxUpdateNetworkPermissionsResponse, error) {
+	_, exists := s.containerInstances.Get(in.ContainerId)
+	if !exists {
+		return &pb.ContainerSandboxUpdateNetworkPermissionsResponse{Ok: false, ErrorMsg: "Container not found"}, nil
+	}
+
+	err := s.waitForContainer(ctx, in.ContainerId)
+	if err != nil {
+		return &pb.ContainerSandboxUpdateNetworkPermissionsResponse{Ok: false, ErrorMsg: err.Error()}, nil
+	}
+
+	// Create a container request with the new network permissions
+	request := &types.ContainerRequest{
+		BlockNetwork: in.BlockNetwork,
+		AllowList:    in.AllowList,
+	}
+
+	// Update network permissions via the network manager
+	err = s.containerNetworkManager.UpdateNetworkPermissions(in.ContainerId, request)
+	if err != nil {
+		log.Error().Str("container_id", in.ContainerId).Msgf("failed to update network permissions: %v", err)
+		return &pb.ContainerSandboxUpdateNetworkPermissionsResponse{Ok: false, ErrorMsg: err.Error()}, nil
+	}
+
+	log.Info().Str("container_id", in.ContainerId).Msgf("updated network permissions: block_network=%v, allow_list=%v", in.BlockNetwork, in.AllowList)
+
+	return &pb.ContainerSandboxUpdateNetworkPermissionsResponse{Ok: true}, nil
+}
+
 func (s *ContainerRuntimeServer) ContainerSandboxReplaceInFiles(ctx context.Context, in *pb.ContainerSandboxReplaceInFilesRequest) (*pb.ContainerSandboxReplaceInFilesResponse, error) {
 	instance, exists := s.containerInstances.Get(in.ContainerId)
 	if !exists {

pkg/worker/network.go

@@ -806,6 +806,75 @@ func (m *ContainerNetworkManager) ExposePort(containerId string, hostPort, conta
 	return nil
 }
 
+func (m *ContainerNetworkManager) UpdateNetworkPermissions(containerId string, request *types.ContainerRequest) error {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	info, err := getContainerNetworkInfo(m.ctx, m.workerRepoClient, m.networkPrefix, containerId, m.ipt6 != nil)
+	if err != nil {
+		return err
+	}
+
+	// Remove existing restriction rules (search by comment tag)
+	if err := m.removeNetworkRestrictionRules(info.ContainerIp, m.ipt); err != nil {
+		return err
+	}
+
+	if m.ipt6 != nil && info.ContainerIpv6 != "" {
+		if err := m.removeNetworkRestrictionRules(info.ContainerIpv6, m.ipt6); err != nil {
+			return err
+		}
+	}
+
+	// Apply new rules
+	if len(request.AllowList) > 0 {
+		if err := m.setupAllowList(containerId, request, request.AllowList); err != nil {
+			return err
+		}
+	} else if request.BlockNetwork {
+		if err := m.setupBlockNetwork(containerId, request); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ContainerNetworkManager) removeNetworkRestrictionRules(ip string, ipt *iptables.IPTables) error {
+	// Similar to removeIPTablesRules but only remove DROP/ACCEPT rules
+	// Preserve DNAT rules (exposed ports) and other infrastructure rules
+	tables := []string{"filter"}
+	for _, table := range tables {
+		chains := []string{"PREROUTING", "FORWARD"}
+
+		for _, chain := range chains {
+			// List rules in the chain
+			rules, err := ipt.List(table, chain)
+			if err != nil {
+				continue
+			}
+
+			for _, rule := range rules {
+				if strings.Contains(rule, ip) {
+					if strings.Contains(rule, "DROP") || strings.Contains(rule, "ACCEPT") {
+						parts := strings.Fields(rule)
+
+						// Remove any double quotes
+						for i, part := range parts {
+							parts[i] = strings.ReplaceAll(part, `"`, "")
+						}
+
+						if err := ipt.Delete(table, chain, parts[2:]...); err != nil {
+							return err
+						}
+					}
+				}
+			}
+		}
+	}
+	return nil
+}
+
 // getRandomFreePort chooses a random free port
 func getRandomFreePort() (int, error) {
 	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")

pkg/worker/worker.proto

@@ -42,6 +42,8 @@ service ContainerService {
       returns (ContainerSandboxDeleteDirectoryResponse) {}
   rpc ContainerSandboxExposePort(ContainerSandboxExposePortRequest)
       returns (ContainerSandboxExposePortResponse) {}
+  rpc ContainerSandboxUpdateNetworkPermissions(ContainerSandboxUpdateNetworkPermissionsRequest)
+      returns (ContainerSandboxUpdateNetworkPermissionsResponse) {}
   rpc ContainerSandboxReplaceInFiles(ContainerSandboxReplaceInFilesRequest)
       returns (ContainerSandboxReplaceInFilesResponse) {}
   rpc ContainerSandboxFindInFiles(ContainerSandboxFindInFilesRequest)
@@ -278,3 +280,14 @@ message ContainerSandboxListProcessesResponse {
   string error_msg = 2;
   repeated types.ProcessInfo processes = 3;
 }
+
+message ContainerSandboxUpdateNetworkPermissionsRequest {
+  string container_id = 1;
+  bool block_network = 2;
+  repeated string allow_list = 3;
+}
+
+message ContainerSandboxUpdateNetworkPermissionsResponse {
+  bool ok = 1;
+  string error_msg = 2;
+}