
@mzihlmann (Collaborator) commented Sep 9, 2025

Description

Experimental branch to play around with Landlock. At the moment it is working as expected but not really usable, as it breaks in most real-world Dockerfiles.

The goal is to restrict malicious RUN statements from accessing the /kaniko directory, where we currently store registry credentials and other secrets.

Submitter Checklist

These are the criteria that every PR should meet; please check them off as you
review them:

  • Includes unit tests
  • Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • The code flow looks good.
  • Unit tests and/or integration tests added.

Release Notes

Describe any changes here so the maintainer can include them in the release notes, or delete this block.

Examples of user-facing changes:
- kaniko adds a new flag `--registry-repo` to override registry

By redirecting all RUN commands via this wrapper binary we have an entrypoint to voluntarily drop permissions.
If we dropped permissions in the main kaniko process, they would be gone for good.
By adding a wrapper we automatically regain permissions after RUN has finished.
@mzihlmann (Collaborator Author) commented Sep 9, 2025

The problem is that Landlock doesn't like rename, and I can't teach apt not to use it:

INFO[0003] Running: [/kaniko/runner /bin/sh -c apt-get update     && mkdir -p /var/lib/apt/lists/     && apt-get install -y curl     && rm -rf /var/lib/apt/lists/*] 
time="2025-09-09T20:58:49Z" level=warning msg="landlocked paths: [/boot /busybox /dev /etc /home /media /mnt /opt /proc /root /run /srv /sys /tmp /usr /var /workspace]"
Get:1 http://archive.ubuntu.com/ubuntu noble InRelease [256 kB]
Get:2 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:4 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Packages [23.0 kB]
Get:5 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [1135 kB]
Get:6 http://archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble/multiverse amd64 Packages [331 kB]
Get:8 http://archive.ubuntu.com/ubuntu noble/restricted amd64 Packages [117 kB]
Get:9 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages [19.3 MB]
Get:10 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [1408 kB]
Get:11 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Packages [2159 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages [1808 kB]
Get:13 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Packages [45.2 kB]
Get:14 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [1918 kB]
Get:15 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [2269 kB]
Get:16 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [1761 kB]
Get:17 http://archive.ubuntu.com/ubuntu noble-backports/main amd64 Packages [48.8 kB]
Get:18 http://archive.ubuntu.com/ubuntu noble-backports/universe amd64 Packages [35.6 kB]
Fetched 33.0 MB in 3s (10.1 MB/s)
Reading package lists...
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/noble/InRelease  rename failed, Invalid cross-device link (/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_noble_InRelease -> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_InRelease).
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/noble-updates/InRelease  rename failed, Invalid cross-device link (/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_noble-updates_InRelease -> /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble-updates_InRelease).
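
The wrapper pattern described in the PR body and the rename failure in the log above, as an added worked example that is not kaniko's code and not part of this PR: a minimal `runner.c` (the file name, the function names `handled_fs_access`, `is_allowed_root`, `rename_needs_refer` and `restrict_to_siblings_of`, and the choice of `kaniko` as the name of the secrets directory are assumptions for illustration; a Linux host is assumed). It builds a Landlock allowlist of every top-level entry of `/` except `/kaniko`, restricts only its own process, then execs the RUN command line, so the kaniko parent that forked it keeps full access once the command exits. The `Invalid cross-device link` in the log is Landlock's `LANDLOCK_ACCESS_FS_REFER` semantics: a rename or link into a different parent directory is denied with EXDEV unless the kernel offers ABI 2 or later and the ruleset both handles REFER and grants it on the hierarchies involved; the example handles it whenever the ABI allows.

```c
/* runner.c: an added illustration of the /kaniko/runner wrapper pattern (not kaniko's
 * code). Usage: runner CMD [ARGS...]. The parent forks and execs this binary; only the
 * child drops rights, so the parent keeps them once CMD exits. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Stable kernel ABI values from <linux/landlock.h>, copied so this builds on old headers. */
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#define SYS_landlock_add_rule       445
#define SYS_landlock_restrict_self  446
#endif
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH      1
#define LANDLOCK_ACCESS_FS_EXECUTE      (1ULL << 0)
#define LANDLOCK_ACCESS_FS_WRITE_FILE   (1ULL << 1)
#define LANDLOCK_ACCESS_FS_READ_FILE    (1ULL << 2)
#define LANDLOCK_ACCESS_FS_REFER        (1ULL << 13) /* ABI 2 */
#define LANDLOCK_ACCESS_FS_TRUNCATE     (1ULL << 14) /* ABI 3 */
#define LANDLOCK_ABI1_FS_MASK           0x1fffULL    /* EXECUTE .. MAKE_SYM, bits 0-12 */
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Rights handled for a given ABI. REFER is denied by default: unless the kernel is ABI 2+
 * and the ruleset handles and grants it, any rename or link into a different parent
 * directory fails with EXDEV, which is what apt's partial/ -> lists/ move hits above. */
uint64_t handled_fs_access(int abi)
{
    uint64_t mask = LANDLOCK_ABI1_FS_MASK;
    if (abi >= 2) mask |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) mask |= LANDLOCK_ACCESS_FS_TRUNCATE;
    return mask;
}

/* Allowlist every top-level entry except the secrets directory; anything without a rule,
 * /kaniko included, stays inaccessible for every handled right. */
int is_allowed_root(const char *name, const char *secret_dir)
{
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    return strcmp(name, secret_dir) != 0;
}

/* Same test the kernel applies: a rename or link whose destination parent directory
 * differs from the source parent needs REFER granted on both hierarchies. */
int rename_needs_refer(const char *src, const char *dst)
{
    const char *a = strrchr(src, '/'), *b = strrchr(dst, '/');
    size_t la = a ? (size_t)(a - src) : 0, lb = b ? (size_t)(b - dst) : 0;
    return la != lb || memcmp(src, dst, la) != 0;
}

/* Build, populate and enforce the ruleset. Returns 0, or -1 with errno set. */
int restrict_to_siblings_of(const char *secret_dir)
{
    int abi = (int)syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    if (abi < 0) return -1; /* ENOSYS or EOPNOTSUPP: no Landlock on this kernel */
    struct ll_ruleset_attr attr = { .handled_access_fs = handled_fs_access(abi) };
    int rs = (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (rs < 0) return -1;
    DIR *root = opendir("/");
    if (!root) { close(rs); return -1; }
    struct dirent *de;
    while ((de = readdir(root)) != NULL) {
        if (!is_allowed_root(de->d_name, secret_dir)) continue;
        int fd = openat(dirfd(root), de->d_name, O_PATH | O_CLOEXEC);
        if (fd < 0) continue; /* e.g. dangling symlink: gets no rule, stays denied */
        struct stat st;
        struct ll_path_beneath_attr rule = { .allowed_access = attr.handled_access_fs, .parent_fd = fd };
        if (fstat(fd, &st) == 0 && !S_ISDIR(st.st_mode)) /* dir-only rights on a file: EINVAL */
            rule.allowed_access &= LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_WRITE_FILE |
                                   LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_TRUNCATE;
        int err = (int)syscall(SYS_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &rule, 0);
        close(fd);
        if (err) { closedir(root); close(rs); return -1; }
    }
    closedir(root);
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { close(rs); return -1; } /* required by Landlock */
    int err = (int)syscall(SYS_landlock_restrict_self, rs, 0);
    close(rs);
    return err ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s CMD [ARGS...]\n", argv[0]); return 2; }
    if (restrict_to_siblings_of("kaniko") != 0) { perror("landlock"); return 1; }
    execvp(argv[1], argv + 1); /* only ever reached by the restricted child */
    perror("execvp");
    return 127;
}
```

Build with `cc -o runner runner.c` on Linux and invoke it the way the log shows (`runner /bin/sh -c '...'`). Two checks before relying on it: `landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION)` has to return at least 2, otherwise `handled_fs_access()` cannot include REFER and apt's `partial/` to `lists/` move fails with the same EXDEV as above; and `/kaniko` is protected only by omission, so the same files reachable through another route (a hard link or bind mount below an allowed root) are not covered by this ruleset.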

@mzihlmann (Collaborator Author)

Looks like blacklisting is already in their pipeline: landlock-lsm/linux#28

@mzihlmann (Collaborator Author)

Hmmm, looks like creating a wrapper thread is actually enough: landlock-lsm/linux#2
