On Fri, 22 Aug 2025 at 08:53, Thorsten Glaser <[email protected]> wrote: > I acquired the image quay.io/ansible-community/test-image:debian-13-trixie > which is basically a trixie with some things preinstalled so it can be used > for testing Ansible collections. > > When I run the latter… > > $ ansible-test integration --docker > quay.io/ansible-community/test-image:debian-13-trixie --python 3.13 > --docker-privileged -v $mytestname > > … I get messages from the systemd running inside the image (!) in my host > kernel log (dmesg) (!), and it switches X11 off temporarily (!!!!). > > I probably need to explain the latter. I normally log in on the emulated > text console, then do things like start the network (select the WLAN to > use), then run “exec startx”. This makes it so that when I press Ctrl-Alt-F2 > it switches to the second text console, and Ctrl-Alt-F1 switches back to > the first one which X11 is now overlaying (used to be that startx runs the > X server on Ctrl-Alt-F7 instead and Ctrl-Alt-F1 showed the X server’s output). > > When I start these tests, the text console “below” the X server is shown. > I switch to Ctrl-Alt-F2 and back to Ctrl-Alt-F1 and get my X session back, > but this is… majorly confusing. > > If I run… > > $ docker run --privileged --rm -it > quay.io/ansible-community/test-image:debian-13-trixie > > … I get more systemd logs in my host syslog, even about things like it > changing sysctls like kernel.core_pattern. > > I’m not sure what the exact amount of bleed-through (isolation failure) is, > as I’m not normally a Docker user and no kernel or container expert, but > this is definitely something someone ought to look into. If it’s not an > exploitable issue (other than syslog/klog spoofing), feel free to downgrade > severity. > > FWIW, without --privileged I just get… > > | Failed to set RLIMIT_CORE: Operation not permitted > | Failed to mount tmpfs (type tmpfs) on /run > (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=0755,size=20%,nr_inodes=800k"): > Operation not permitted > | [!!!!!!] Failed to mount API filesystems. > | Exiting PID 1... > > … but in my (admittedly limited) exposure to Docker on buster/bullseye > I’ve never seen things like that happen even with it.
While unfortunate, this is definitely "working as designed" -- the way I'd describe the "--privileged" flag you're using in this context is "please, Docker, remove ALL security/isolation" and as such it's not only expected that the container can muck with the host, but a core feature / the core purpose of the flag. See also https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities: > The --privileged flag gives all capabilities to the container. When the > operator executes docker run --privileged, Docker enables access to all > devices on the host, and reconfigures AppArmor or SELinux to allow the > container nearly all the same access to the host as processes running outside > containers on the host. Use this flag with caution. You very, very certainly want a more specific set of "--cap-add" and "--device" flags if you want even a semblance of security in your deployment. ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
