Running with bypass4netns on kubernetes docker in docker

[dcarrion87]

I've been having a read of https://pibvt.net/IPSJ-OS22156009.pdf and trying to understand how we can implement bypass4netns into our existing Kubernetes based docker in docker implementation.

I'm not entirely sure where this would need to run. We currently launch rootless docker in docker host using: https://github.com/harrison-ai/cobalt-docker-rootless-nvidia-dind/blob/main/entrypoint.sh.

Would we run bypass4net inside that container or on the underlying host itself, presenting the socket all the way through?

Ideally we could run it in the container and pass through a seccomp profile and keep it all. but I fear that bypass4net needs to actually listen on the host itself?

[dcarrion87]

@AkihiroSuda would be great to get your thoughts on this one.

[AkihiroSuda]

Didn't try your script but it should work in a container

[dcarrion87]

@AkihiroSuda thanks for the response.

All good I absolutely do not expect you to run it. At the moment just trying to get an understanding of what may / may not work.

At the moment we run it like this:

[ kubernetes host ] -> [ dind host container ] -> [ docker in docker containers kicked off by users]

Is it possible to run the bypass4net seccomp agent in the "dind host container" such that when users kick off those docker in docker containers with the appropriate seccomp profile the syscalls are intercepted by bypass4net listening in the host container under those constraints.

Or does bypass4net need to run on the kubernetes host and the socket presented all the way through to the dind container.

I am attempting to run in container at the moment and the calls don't seem to be coming through and it hangs on load if I have a notify rule in the seccomp profile.

[dcarrion87]

@AkihiroSuda any more thoughts with more info provided in #37 (comment) ?

[dcarrion87]

Hi @AkihiroSuda just checking if you have any more thoughts. We cannot get this feature to work.

[AkihiroSuda]

Is it possible to run the bypass4net seccomp agent in the "dind host container" such that when users kick off those docker in docker containers with the appropriate seccomp profile the syscalls are intercepted by bypass4net listening in the host container under those constraints.

Probably yes, but didn't try by myself