use unshare to enforce networkAccess: false when not running in a container

[tom-tan]

I guess users expect that networkAccess: false can restrict tools to access network but cwltool does not.

Currently I am not sure it is really the issue because the spec only says:

If networkAccess is false or not specified, tools must not assume network access, except for localhost (the loopback device).

That is,

• this behavior is valid because the spec only requests tools not to assume network access but does not request platforms to restrict network access for tools
• users expect that networkAccess: false can restrict tools to access network, I guess
• I am not sure there is a reasonable way to restrict network access if the tool is not in a container

What do you think about it?

How to reproduce

$ cwltool curl.cwl

Expected Behavior

It fails because curl needs network but networkAccess: false is specified.

Actual Behavior

It does not fail.

$ cwltool curl.cwl
INFO /opt/homebrew/bin/cwltool 3.1.20220830195442
INFO Resolved 'curl.cwl' to 'file:///Users/tanjo/tmp/net/curl.cwl'
INFO [job curl.cwl] /private/tmp/docker_tmpz4hne9ck$ curl \
    -fsS \
    https://www.commonwl.org/v1.2/index.html > /private/tmp/docker_tmpz4hne9ck/index.html
INFO [job curl.cwl] completed success
{
    "out": {
        "location": "file:///Users/tanjo/tmp/net/index.html",
        "basename": "index.html",
        "class": "File",
        "checksum": "sha1$4a7d4583b995e2fb27980ddc4ce4a9e1b4ed3952",
        "size": 6525,
        "path": "/Users/tanjo/tmp/net/index.html"
    }
}
INFO Final process status is success

Workflow Code

#!/usr/bin/env cwl-runner

requirements:
  NetworkAccess:
    networkAccess: false

class: CommandLineTool
cwlVersion: v1.2
baseCommand: curl
arguments:
  - -fsS
  - $(inputs.fsS)
inputs:
  - id: fsS
    type: string
    default: https://www.commonwl.org/v1.2/index.html
outputs:
  - id: out
    type: stdout
stdout: index.html

Full Traceback

No exceptions.

Your Environment

• cwltool version:

$ cwltool --version
/opt/homebrew/bin/cwltool 3.1.20220830195442

[kinow]

I think the networkAccess is just a flag that tools or job steps can use to handle when the workflow is executed in a restricted environment, but doesn't mean the network connectivity will be disabled.

I guess the specification could be improved to be more clear, and say something like “networkAccess does not prevent tools from accessing network, it is merely an indication ...”

[mr-c]

https://man7.org/linux/man-pages/man1/unshare.1.html can be an option on some Linux systems ( from https://unix.stackexchange.com/a/83348 ; may require root access or setuid binary)

Another option can be to set HTTP_PROXY to a valid but non functional value. But using that is optional and won't catch non-http(s) network usage

We could also use https://firejail.wordpress.com/ if it is already installed

But perhaps the best solution is to issue a warning if there is no container and this hint/requirement is present

[kinow]

We could also use https://firejail.wordpress.com/ if it is already installed

Ah didn't think about that, but I'm using it for Zoom and other apps I don't trust but have no choice but to use it.

But perhaps the best solution is to issue a warning if there is no container and this hint/requirement is present

+1

[mr-c]

unshare --user --net wget https://www.google.com/ works on my system without needing sudo. On Debian systems, unshare is part of the util-linux package which is marked Essential (so it is guaranteed to always be installed)

So I recommend that we add support for unshare to cwltool when networkAccess: false and there is no container specified (or --no-container is used), and a fallback warning if it is unavailable.

[kinow]

No objections from me, sounds like an interesting feature to test in the reference runner. 👍

[jmfernandez]

If you want to support more than one alternative, you can also have a look at bwrap. As it is a bit more complicated than unshare, you can find some common use cases => https://wiki.archlinux.org/title/Bubblewrap

[tetron]

It doesn't use unshare because I wasn't familiar with it when I wrote that part of cwltool. I was mainly thinking about how you can enable/disable network access for Docker containers. I have no objections to using unshare, it sounds like a good idea.

Bubblewrap is also interesting, I glanced at it and it looks like you can basically create ad-hoc isolated environments where you get to decide what is shared and what isn't?

[kinow]

Tested both bwrap and unshare, successfully failed to execute ping with both tools 😅

With bwrap:

kinow@ranma:~/Development/python/workspace/lukasa$ bwrap --ro-bind / / --unshare-net ping google.com
kinow@ranma:~/Development/python/workspace/lukasa$ echo $?
2

And unshare:

kinow@ranma:~/Development/python/workspace/lukasa$ unshare -r -n ping google.com
ping: google.com: Temporary failure in name resolution
kinow@ranma:~/Development/python/workspace/lukasa$ echo $?
2