Configuring Seccomp profiles for the Anjuna Nitro Launcher

The Anjuna Nitro Runtime relies on vsock (VM sockets) to communicate with enclaves. In restricted environments, vsock operations might be blocked by policies, such as the default Kubernetes Seccomp profile.

In this type of scenario, the default Seccomp profile is not compatible with the Anjuna Nitro Runtime. You must either disable Seccomp or use a custom profile.

You can configure Seccomp profiles for the Anjuna Kubernetes Toolset for AWS EKS via the Helm chart parameter launcherPodSecurityContext, which takes a standard v1.PodSecurityContext Kubernetes field.

This setting will not affect Pods that do not run with Anjuna. Existing Anjuna Confidential Pods need to be restarted for the changes to take effect.

The Seccomp profile applies to the Anjuna Nitro Launcher component, not to the application running inside of the enclave. The enclave is a restricted environment, and the Anjuna Nitro Runtime provides mechanisms to ensure its behavior is correct.

Using a custom Seccomp profile

To use a custom Seccomp profile, you need to first deploy the profile to all worker Nodes that run Anjuna Confidential Pods, as described below.

Deploying a Seccomp profile

This section assumes that you are a Cluster Administrator and have the following:

  • SSH access to the worker Nodes

  • Permissions to install the Anjuna Kubernetes Toolset for AWS EKS to the cluster

To deploy a Seccomp profile to the worker Nodes, you need to SSH into each Node and place the custom profile under /var/lib/kubelet/seccomp/profiles. This operation can be automated via projects such as the Security Profiles Operator.

Currently, the default Seccomp profile that ships with Docker and containerd excludes vsock operations: its socket rule only allows the call when the address-family argument (argument 0) is not 40 (AF_VSOCK). This profile can be changed to allow vsock operations while still enforcing all the other restrictions, as illustrated in the diff below:

       "names": [
               "socket"
       ],
<      "action": "SCMP_ACT_ALLOW",
<      "args": [
<              {
<                      "index": 0,
<                      "value": 40,
<                      "op": "SCMP_CMP_NE"
<              }
<      ]
---
       "names": [
               "socket"
       ],
>      "action": "SCMP_ACT_ALLOW"

The full updated example is available here, and can be added to your worker Nodes as /var/lib/kubelet/seccomp/profiles/anjuna.json.

You can also take this example as a starting point and write a fine-grained profile that matches your use case.
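The following Python script is an added example, not part of the Anjuna documentation or toolset: it applies the change shown in the diff above programmatically, dropping only the "argument 0 != 40 (AF_VSOCK)" filter from the socket rule while leaving the default action and every other rule untouched, and then checks the result. It runs against a constructed, abbreviated stand-in for the default profile embedded in the script; feeding it the real default.json yields the file to install as anjuna.json.

```python
import json

AF_VSOCK = 40  # address-family number excluded by the default profile's socket rule

# Constructed, abbreviated stand-in for the Docker/containerd default profile;
# only the fields this script inspects are present.
DEFAULT_PROFILE_JSON = """{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["accept4", "bind", "connect", "listen"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["socket"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 40, "op": "SCMP_CMP_NE"}]}
  ]
}"""


def load_default_profile() -> dict:
    return json.loads(DEFAULT_PROFILE_JSON)


def _excludes_vsock(arg: dict) -> bool:
    """The 'argument 0 != AF_VSOCK' filter that the default profile uses."""
    return arg.get("index") == 0 and arg.get("value") == AF_VSOCK and arg.get("op") == "SCMP_CMP_NE"


def allow_vsock(profile: dict) -> dict:
    """Deep-copy the profile and remove the AF_VSOCK exclusion from socket rules.

    defaultAction, all other syscall rules and any other argument filters stay as they are.
    """
    patched = json.loads(json.dumps(profile))
    for rule in patched.get("syscalls", []):
        if "socket" not in rule.get("names", []):
            continue
        kept = [a for a in rule.get("args", []) if not _excludes_vsock(a)]
        if kept:
            rule["args"] = kept
        else:
            rule.pop("args", None)  # same shape as the diff: a plain SCMP_ACT_ALLOW rule
    return patched


def vsock_socket_allowed(profile: dict) -> bool:
    """True if some ALLOW rule for socket() carries no filter excluding AF_VSOCK."""
    return any(
        "socket" in rule.get("names", [])
        and rule.get("action") == "SCMP_ACT_ALLOW"
        and not any(_excludes_vsock(a) for a in rule.get("args", []))
        for rule in profile.get("syscalls", [])
    )


if __name__ == "__main__":
    # Replace load_default_profile() with json.load(open("default.json")) for the real profile.
    print(json.dumps(allow_vsock(load_default_profile()), indent=2))
```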

Using a custom Seccomp profile

Once the custom profile is deployed to your worker Nodes, you can set it as the default for the Anjuna Nitro Launcher Pod, by setting the parameter in your Helm chart values.yaml file. The example below assumes that the profile was added to /var/lib/kubelet/seccomp/profiles/anjuna.json:

# values.yaml
launcherPodSecurityContext:
  seccompProfile:
    type: Localhost
    localhostProfile: profiles/anjuna.json

This will ensure that all new Anjuna Nitro Launcher Pods use the custom Seccomp profile that you installed to worker Nodes under /var/lib/kubelet/seccomp/profiles/anjuna.json.

This is the recommended way of configuring a custom Seccomp profile for the Anjuna Nitro Launcher Pod.

Alternatively, if you cannot configure the Anjuna Kubernetes Toolset for AWS EKS or the cluster Nodes, you can configure the Seccomp profile directly from each Pod specification. Configure the Seccomp profile by setting the nitro.k8s.anjuna.io/launcherPodSecurityContext annotation to a JSON string that contains a valid Launcher PodSecurityContext field:

apiVersion: v1
kind: Pod
metadata:
  name: my-application
  labels:
    nitro.k8s.anjuna.io/managed: "yes"
  annotations:
    nitro.k8s.anjuna.io/launcherPodSecurityContext: '{"seccompProfile": {"type": "Localhost", "localhostProfile": "profiles/anjuna.json"}}'

If an invalid security context is provided via the annotation, the Pod creation will fail.

Disabling Seccomp

Disabling Seccomp might not be allowed or recommended by your organization.

To disable Seccomp for the Anjuna Nitro Launcher, set the parameter in your Helm chart values.yaml file:

# values.yaml
launcherPodSecurityContext:
  seccompProfile:
    type: Unconfined

This is the recommended way of disabling Seccomp for the Anjuna Nitro Launcher Pod.

Alternatively, if you cannot configure the Anjuna Kubernetes Toolset for AWS EKS or the cluster Nodes, you can configure the Seccomp profile directly from each Pod specification. Configure the Seccomp profile by setting the nitro.k8s.anjuna.io/launcherPodSecurityContext annotation to a JSON string that contains a valid Launcher PodSecurityContext field:

apiVersion: v1
kind: Pod
metadata:
  name: my-application
  labels:
    nitro.k8s.anjuna.io/managed: "yes"
  annotations:
    nitro.k8s.anjuna.io/launcherPodSecurityContext: '{"seccompProfile": {"type": "Unconfined"}}'

If an invalid security context is provided via the annotation, the Pod creation will fail.