diff --git a/containers/agent/seccomp-profile.json b/containers/agent/seccomp-profile.json
index b6a35e7..4c3cda6 100644
--- a/containers/agent/seccomp-profile.json
+++ b/containers/agent/seccomp-profile.json
@@ -6,6 +6,16 @@
 "SCMP_ARCH_AARCH64"
 ],
 "syscalls": [
+ {
+ "names": [
+ "ptrace",
+ "process_vm_readv",
+ "process_vm_writev"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "errnoRet": 1,
+ "comment": "Block process inspection/modification"
+ },
 {
 "names": [
 "kexec_load",
diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts
index 9ba81e5..f8ba9e4 100644
--- a/src/docker-manager.test.ts
+++ b/src/docker-manager.test.ts
@@ -189,6 +189,9 @@ describe('docker-manager', () => {
 // Verify seccomp profile is configured
 expect(agent.security_opt).toContain('seccomp=/tmp/awf-test/seccomp-profile.json');
 
+ // Verify no-new-privileges is enabled to prevent privilege escalation
+ expect(agent.security_opt).toContain('no-new-privileges:true');
+
 // Verify resource limits
 expect(agent.mem_limit).toBe('4g');
 expect(agent.memswap_limit).toBe('4g');
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index 31b1e00..b427587 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -313,8 +313,11 @@ export function generateDockerCompose(
 'SYS_RAWIO', // Prevents raw I/O access
 'MKNOD', // Prevents device node creation
 ],
- // Apply seccomp profile to restrict dangerous syscalls
- security_opt: [`seccomp=${config.workDir}/seccomp-profile.json`],
+ // Apply seccomp profile and no-new-privileges to restrict dangerous syscalls and prevent privilege escalation
+ security_opt: [
+ 'no-new-privileges:true',
+ `seccomp=${config.workDir}/seccomp-profile.json`,
+ ],
 // Resource limits to prevent DoS attacks (conservative defaults)
 mem_limit: '4g', // 4GB memory limit
 memswap_limit: '4g', // No swap (same as mem_limit)
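Review bot: The new ptrace/process_vm_readv/process_vm_writev rule has no test and only a one-word comment: the test change in this commit checks that the profile path appears in security_opt, not that the profile itself denies these calls. `"errnoRet": 1` is EPERM, which is the right choice for a hard deny, but the rule's `comment` field should say so and record the operational cost, since strace, gdb and similar debuggers run inside the container will fail once ptrace returns EPERM. Suggest `"comment": "Deny ptrace and process_vm_readv/writev with EPERM (errno 1); in-container debuggers and strace will not work"`. Whether the profile's defaultAction already covers these names cannot be seen from this hunk, so the rule may be belt-and-braces rather than new coverage.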
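Review bot: `toContain` only proves the entry is somewhere in the list; the assertion would still pass if a later entry such as `seccomp=unconfined` were added, which is exactly the regression this hardening should catch. Since generateDockerCompose now builds security_opt as a fixed two-element array (see the docker-manager.ts hunk), pin it exactly: `expect(agent.security_opt).toEqual(['no-new-privileges:true', 'seccomp=/tmp/awf-test/seccomp-profile.json']);` in place of the two separate toContain checks. The enclosing describe block starts and ends outside the hunk.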
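Review bot: The replacement comment folds two unrelated controls into one ~110-character line and slightly overstates what `no-new-privileges` does: it stops a process from gaining privileges at execve (setuid/setgid bits, file capabilities), it does not by itself prevent privilege escalation in general, which is why the cap_drop list above it still matters. A short comment per entry, matching the per-item comments on the cap_drop lines, reads better: `// Block privilege gains at execve (setuid/setgid binaries, file capabilities)` before `'no-new-privileges:true',` and `// Restrict dangerous syscalls via the generated seccomp profile` before the seccomp entry. generateDockerCompose starts outside the hunk.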