Module polkadot_node_core_pvf_common::worker::security
Functionality for securing workers.
This is needed because workers are used to compile and execute untrusted code (PVFs).
We currently employ the following security measures:
- Restrict filesystem
  - Use Landlock to remove all unnecessary FS access rights.
  - Unshare the user and mount namespaces.
  - Change the root directory to a worker-specific temporary directory.
- Restrict networking by blocking socket creation and io_uring.
- Remove env vars
Modules
- Functionality for securing workers by unsharing some namespaces from other processes and changing the root.
- Functionality for securing the job processes spawned by the workers using `clone`. If unsupported, falls back to `fork`.
- The landlock docs say it best:
- Functionality for sandboxing workers by restricting their capabilities by blocking certain syscalls with seccomp.
Functions
- Require env vars to have been removed when spawning the process, to prevent malicious code from accessing them.
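The "remove env vars" measure above and the spawn-time check listed under Functions, as an added example. This is not code from the polkadot-sdk crate: the function names `check_env_vars_cleared` and `child_sees`, the `/bin/sh` child used to observe the environment, and the variable `PVF_EXAMPLE_SECRET` with its value are all constructed for this illustration. It uses only the standard library.

```rust
// Added example, not the crate's own code. Shows (1) spawning a child with a
// cleared environment, the way a PVF worker should be launched, and (2) a
// check a worker can run at start-up to refuse to continue if any env vars
// survived.
use std::ffi::OsString;
use std::io;
use std::process::{Command, Stdio};

/// Returns `Err` with the names of every variable still present, or `Ok(())`
/// if the environment is empty. Written over an iterator so it can be tested
/// with constructed input; a real worker would pass `std::env::vars_os()`.
pub fn check_env_vars_cleared<I>(vars: I) -> Result<(), Vec<OsString>>
where
    I: IntoIterator<Item = (OsString, OsString)>,
{
    let leaked: Vec<OsString> = vars.into_iter().map(|(name, _)| name).collect();
    if leaked.is_empty() {
        Ok(())
    } else {
        Err(leaked)
    }
}

/// Spawns `/bin/sh` and returns what the child sees for `var`.
///
/// `var` is set on the command first, standing in for a secret that the
/// parent happens to have in its environment. With `clear_env == true` the
/// command's environment is wiped via `Command::env_clear`, which discards
/// both inherited and explicitly set variables, so the child sees nothing.
/// `/bin/sh` is used by absolute path because a cleared environment has no
/// PATH; `printf` is a shell builtin, so no other binary is needed.
pub fn child_sees(var: &str, clear_env: bool) -> io::Result<String> {
    let mut cmd = Command::new("/bin/sh");
    cmd.arg("-c")
        .arg(format!("printf '%s' \"${}\"", var))
        .stdout(Stdio::piped())
        .stderr(Stdio::null())
        .stdin(Stdio::null());

    // Hypothetical secret present in the parent's environment (constructed).
    cmd.env(var, "s3cret");

    if clear_env {
        // This is the measure the module describes: the worker must not
        // inherit anything. Call env_clear() last; any env() call after it
        // would be passed through again.
        cmd.env_clear();
    }

    let out = cmd.output()?;
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

fn main() {
    // A worker would do this first and abort on Err.
    match check_env_vars_cleared(std::env::vars_os()) {
        Ok(()) => println!("environment is clean"),
        Err(leaked) => println!("{} env var(s) leaked into this process", leaked.len()),
    }
    let seen = child_sees("PVF_EXAMPLE_SECRET", true).expect("spawn /bin/sh");
    println!("cleared child sees: {seen:?}");
    let seen = child_sees("PVF_EXAMPLE_SECRET", false).expect("spawn /bin/sh");
    println!("inherited child sees: {seen:?}");
}
```

The check runs in the spawned worker rather than only in the host: a host that forgets `env_clear()` is exactly the bug the check is there to catch, so the worker verifies its own environment and refuses to proceed if anything leaked.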